search

kaltura / nginx-secure-token-module

GNU Affero General Public License v3.0
116 stars 42 forks source link

Last-Modified issue with secure token module #80

Open andygr opened 5 years ago

andygr commented 5 years ago

Hello,

When I am activating the secure token module, there is always the same Last-Modified date/time.

For example, this is the request:

https://cdnuser1.example.com/hls/5d15498d3b4e13.57348983/1024_576_2200_5d15498d3b4e13.57348983_00063.ts?token=st=1570570271~exp=1570656671~acl=/hls/5d15498d3b4e13.57348983/*~hmac=e5ba663a0e01481b77663d997ad7be092fbc7df69a52add27f9cb6381f2bcc50

and the headers:

Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Origin,X-Auth-Token,Authorization,Accept,Client-Security-Token
Access-Control-Allow-Methods: OPTIONS, GET
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 565880
Content-Type: video/mp2t
Date: Tue, 08 Oct 2019 21:39:14 GMT
ETag: "865fb8019c16a38da2a6c7cbe0158441"
Last-Modified: Sun, 19 Nov 2000 08:52:00 GMT
Pragma: public
Server: nginx/1.17.0
X-Cache-Status: HIT
X-Proxy-Cache: HIT
X-Upstream-Http-Cache-Control: no-cache

and this is the token config in nginx

 akamai_token_validate $test_token;
 akamai_token_validate_key 58D8B91F68EE967B;
 secure_token $token;
 secure_token_types text/xml application/vnd.apple.mpegurl;
 secure_token_tokenize_segments on;

Have you seen something similar? I can't figure out way is using the default Last-Modified: Sun, 19 Nov 2000 08:52:00 GMT

Regards, Andrew

erankor commented 5 years ago

The assumption is that segments do not change, so they get a fixed (old) last-modified, and a large max-age. Manifests, on the other hand, contain tokens that are expiring, so they get last-modified=now and a short max-age (we use 1 hour)