Shared cookies are required, for example, by certain HDS and HLS streams
that set a cookie when the manifest is read and expect it to be sent
back on subsequent fragment requests.
The cookie jar is created during playlist initialization. HTTP requests
inherit the cookie jar from the playlist.
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
* Moved cookie code to a separate file.
* Implemented domain and path matching algorithms from RFC 6265.
* Generates a single Cookie header consisting of a concatenation of all
matching cookie values.
* Sends Secure cookies only on https streams.
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
Re-license almost all the playback modules to LGPLv2.1+ with
authorization from their respective contributors (230+)
This includes:
- access, codec, packetizers, demux
- audio filters, audio mixers, audio output
- video filters, video chroma, video output
- text renderers
- XML parser
- ARM NEON and SSE2 optimisations (mostly for chromas and filters)
Some modules are not concerned:
- BDA and DShow access modules because Manol Manolov is AWOL
- Real RTSP, because it is derived from Xine
- x264 and t140 because they are encoders only
- DLL Loader, because it is derived from MPlayer
- DTS packetizer, because Jon Lech Johansen is AWOL
- Shine and WMAfixed, because they are derived from Rockbox
- Real demuxer, as it is derived from MPlayer and Wang Bo is AWOL
- MPC demuxer, as Yavor Doganov is AWOL
- Tivo demuxer, because it is derived from an MPlayer fork
- Playlist demuxer, (WPL and ZPL parts missing), because suheaven is AWOL
- iOS audio output and video display, because author refuses the license change
- Equalizer and compressor, because Ronald Wright is AWOL
- Mono, Headphone and Dolby, because author refuses the license change
- hqdn3d and yadif, because they are from MPlayer/libavfilter
- remoteosd, because it derives from RealVNC code
- MMX optimisations, because Ollie Lho, from SiS, is AWOL
- Rotate, because it depends on GPL motion
Nota Bene:
- Some modules depend on GPL-only libraries, a LGPL module does not mean
that the resulting binary module will be LGPL.
Libraries affected would include liba52, libdvdcss, libdvdnav, libdvdread,
faad2, libdca, libmad, libmpeg2, libpostproc, SRC, sid, zvbi and probably others.
Quoting the reporter:
| According to include/vlc_access.h, access_t.psz_location is "URL with
| the scheme stripped". But in http module, schema stays there after
| 302 redirection. That may cause httplive module try to access URL like
| "http://http://host/path".
Pointed-out-by: bbcallen <bbcallen@gmail.com>
Keeping the credentials container saves some times, as we do not need
to load and parse all of the 100+ Certificate Authorities again.
In the future, it will also avoid reloading the stored public keys
(i.e. security exceptions), or asking for user confirmation again.
Given how the HTTP access is written, the credentials are now preserved
upon seeking. Unfortunately, they are not recycled across redirections
as access_t.p_sys gets destroyed internally. This also does not work
across multiple inputs - support from the instance or input manager
would be required.
The scope of cookies without a domain is limited to the current server.
The current logic is always wrong because either it's the same server
and the new cookie should supersede the old one, or it's a different
server and the old cookie should not be sent. This logic is still far
from RFC-compliant, but at least it should get it right some of the time.
Rémi Denis-Courmont
Antti Ajanki
Jean-Baptiste Kempf
Felix Paul Kühne
Edward Wang
Ilkka Ollakka
Rafaël Carré
Francois Cartegnie
Rui Zhang
Konstantin Pavlov
Pierre Ynard
Rémi Duraffort
Sébastien Escudier
Laurent Aimar