v.1.3.0 WebRTC doesn't pass query to external authentication server

Kaspermn33 commented 11 months ago

Which version are you using?

v1.2.1 and v1.3.0

Which operating system are you using?

[ ] Linux amd64 standard
[ ] Linux amd64 Docker
[ ] Linux arm64 standard
[ ] Linux arm64 Docker
[ ] Linux arm7 standard
[ ] Linux arm7 Docker
[ ] Linux arm6 standard
[ ] Linux arm6 Docker
[ ] Windows amd64 standard
[ ] Windows amd64 Docker (WSL backend)
[x] macOS amd64 standard
[ ] macOS amd64 Docker
[ ] Other (please describe)

Describe the issue

My setup

I'm using mediamtx as a middleman for loading an RTSP stream into my react frontend. I'm using my own backend as an external authentication server. It expects to receive a token in the query field of the payload. Reading and writing should be in this format. Some/Extended/Path?token=SecretToken

The problem

I can publish an RTSP stream fine using ffmpeg with the token, but I can't read it again with WebRTC. When I unmarshal the payload in my backend, I can see that the query field is an empty string. I've found that it works with release v1.2.1, and breaks with v1.3.0.

The only difference I can see in the logs, is that with v1.3.0, the token seems to disappear after the server makes a 301 redirection. And for some reason, it transforms my path into Some/Extended/Some/Extended/Path from Some/Extended/Path, but I'm guessing this is just a formatting change.

Let me know if you need more information.

Describe how to replicate the issue

configure server to use external authentication server
start external authentication server, that accepts token in query from payload
start the mediamtx
publish with ffmpeg with a token as a query parameter (works)
read with webrtc with a token as a query parameter (fails)

Did you attach the server logs?

yes

v1.2.1 logs

2023/11/28 16:08:40 DEB [WebRTC] [conn [::1]:64669] GET /Some/Extended/Path
2023/11/28 16:08:40 DEB [WebRTC] [conn [::1]:64669] [c->s] GET /Some/Extended/Path?token=SecretToken HTTP/1.1
Host: localhost:8889
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Referer: http://localhost:5173/
Sec-Ch-Ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Sec-Ch-Ua-Mobile: ?1
Sec-Ch-Ua-Platform: "Android"
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36

2023/11/28 16:08:40 DEB [WebRTC] [conn [::1]:64669] [s->c] HTTP/1.1 301 Moved Permanently
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: /Some/Extended/Path/?token=SecretToken
Server: mediamtx

2023/11/28 16:08:40 DEB [WebRTC] [conn [::1]:64669] GET /Some/Extended/Path/
2023/11/28 16:08:40 DEB [WebRTC] [conn [::1]:64669] [c->s] GET /Some/Extended/Path/?token=SecretToken HTTP/1.1
Host: localhost:8889
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Referer: http://localhost:5173/
Sec-Ch-Ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Sec-Ch-Ua-Mobile: ?1
Sec-Ch-Ua-Platform: "Android"
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36

2023/11/28 16:08:40 DEB [WebRTC] [conn [::1]:64669] [s->c] HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Content-Type: text/html
Server: mediamtx

v.1.3.0 logs

2023/11/29 07:51:24 DEB [WebRTC] [conn [::1]:57495] GET /Some/Extended/Path
2023/11/29 07:51:24 DEB [WebRTC] [conn [::1]:57495] [c->s] GET /Some/Extended/Path?token=SecretToken HTTP/1.1
Host: localhost:8889
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Referer: http://localhost:5173/
Sec-Ch-Ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Sec-Ch-Ua-Mobile: ?1
Sec-Ch-Ua-Platform: "Android"
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36

2023/11/29 07:51:24 DEB [WebRTC] [conn [::1]:57495] [s->c] HTTP/1.1 301 Moved Permanently
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: Some/Extended/Path/
Server: mediamtx

2023/11/29 07:51:24 DEB [WebRTC] [conn [::1]:57495] GET /Some/Extended/Some/Extended/Path/
2023/11/29 07:51:24 DEB [WebRTC] [conn [::1]:57495] [c->s] GET /Some/Extended/Some/Extended/Path/ HTTP/1.1
Host: localhost:8889
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Referer: http://localhost:5173/
Sec-Ch-Ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Sec-Ch-Ua-Mobile: ?1
Sec-Ch-Ua-Platform: "Android"
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36

2023/11/29 07:51:24 DEB [WebRTC] [conn [::1]:57495] [s->c] HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Server: mediamtx
Www-Authenticate: Basic realm="mediamtx"

Did you attach a network dump?

no

aler9 commented 10 months ago

Hello, this is fixed since v1.4.0 (see #2773 and #2771)

github-actions[bot] commented 4 months ago

This issue is being locked automatically because it has been closed for more than 6 months. Please open a new issue in case you encounter a similar problem.

bluenviron / mediamtx