From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Thu, 4 May 2023 00:26:03 +0200
Subject: Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin check
Message-ID: <20230503222603.GG1391451@pb2>
In-Reply-To: <6b734fb1-3e03-bfde-8f74-df38229e3d66@rothenpieler.org>
References: <20230502193631.10844-1-michael@niedermayer.cc> <20230502201627.GA1391451@pb2> <20230503104941.GC1391451@pb2> <20230503190842.GF1391451@pb2> <6b734fb1-3e03-bfde-8f74-df38229e3d66@rothenpieler.org>

On Wed, May 03, 2023 at 11:01:43PM +0200, Timo Rothenpieler wrote:
> On 03.05.2023 21:08, Michael Niedermayer wrote:
> > > > > A quick check for example shows that even something as simple as the
> > > > > HLS BBC Radio streams will fail _all_ checks, since the playlists are
> > > > > hosted on another host entirely than the media, thanks to akamai live
> > > > > streaming.
> > > > > Playlist here, as an example:
> > > > > http://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/hls/nonuk/sbr_low/ak/bbc_radio_one.m3u8
> > > >
> > > > yes, that's why it says RFC in the subject, I had expected that a bit already
> > > >
> > > > still OTOH, blocking these by default is the safer option, I mean if a user
> > > > does a
> > > > ./ffplay http://trustedfoobar.org/cutevideo.avi
> > > >
> > > > would she expect that video to access http://127.0.0.1/ and later http://evilhost/localwebscan-success
> > > > I think this should not be possible by default settings, it's unexpected
> > > >
> > >
> > > Coming from the other side -- If the user needs to set the flag for
> > > nearly all streams, then they are not going to check in the future and
> > > just set it, defeating the purpose of them. At which point we might as
> > > well not burden them.
> >
> > Yes, we need a system that is secure and works in most cases.
>
> What about doing what actual browsers do, and reading the
> Access-Control-Allow-Origin HTTP header, and checking if the current origin
> is allowed?
>
> This does not really work for local files. Best you could do is check for
> "*" or not.
> But would at least fix the BBC+Akamai case.

I like the idea, do you want to implement it?

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Everything should be made as simple as possible, but not simpler.
-- Albert Einstein
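The policy the thread converges on (same origin by default, a cross-origin sub-resource only when its server grants the top-level origin via Access-Control-Allow-Origin, local files only able to use "*") is small enough to model in one file. The C below is an added example written for this page; it is not the RFC patch, not FFmpeg code, and not how avformat's URL handling is structured. It assumes the caller has already fetched the sub-resource's response headers and passes the Access-Control-Allow-Origin value in as a string, that a "local" top-level input is anything without a scheme or a file:// URL, and that origins compare as (scheme, host, port) with http/https default ports, as browsers do. The hostnames in main() and the test inputs are constructed for the example and are not real servers. Two things it leaves out that a real implementation would need: the response header only means what the server intended if the request carried an Origin header naming the top-level origin, and userinfo in the authority (user@host) is not stripped.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* One web origin: the (scheme, host, port) tuple browsers compare. */
struct origin {
    char scheme[16];
    char host[256];
    int  port;
};

static int default_port(const char *scheme)
{
    if (!strcasecmp(scheme, "http"))  return 80;
    if (!strcasecmp(scheme, "https")) return 443;
    return -1;                 /* unknown scheme: only explicit ports can match */
}

/* Parse "scheme://host[:port]/..." into *o. Returns 0 on success, -1 when the
 * string is not an absolute URL with a host (a bare path or file:///... ). */
static int parse_origin(const char *url, struct origin *o)
{
    const char *p = strstr(url, "://");
    if (!p || p == url || (size_t)(p - url) >= sizeof(o->scheme))
        return -1;
    memcpy(o->scheme, url, p - url);
    o->scheme[p - url] = '\0';
    p += 3;

    const char *end = p + strcspn(p, "/?#");        /* end of the authority */
    const char *hend;
    if (*p == '[') {                                /* bracketed IPv6 literal */
        hend = memchr(p, ']', end - p);
        if (!hend) return -1;
        hend++;
    } else {
        hend = memchr(p, ':', end - p);
        if (!hend) hend = end;
    }
    size_t hlen = hend - p;
    if (hlen == 0 || hlen >= sizeof(o->host))
        return -1;
    memcpy(o->host, p, hlen);
    o->host[hlen] = '\0';
    o->port = (hend < end && *hend == ':') ? atoi(hend + 1) : default_port(o->scheme);
    return 0;
}

static int same_origin(const struct origin *a, const struct origin *b)
{
    return !strcasecmp(a->scheme, b->scheme) &&
           !strcasecmp(a->host,   b->host)   &&
           a->port == b->port;
}

/* Evaluate an Access-Control-Allow-Origin value the way a browser does:
 * "*" allows anyone; otherwise the value must be exactly one serialized
 * origin equal to ours. Missing, malformed, a list, or carrying a path
 * all deny. When us == NULL (top-level input is a local file, so we have
 * no origin to prove) only "*" can allow, which is the thread's caveat. */
static int acao_allows(const char *acao, const struct origin *us)
{
    if (!acao) return 0;
    while (*acao == ' ' || *acao == '\t') acao++;
    size_t n = strlen(acao);
    while (n && strchr(" \t\r\n", acao[n - 1])) n--;
    if (n == 1 && acao[0] == '*') return 1;
    if (!us) return 0;

    char buf[512];
    if (n >= sizeof(buf)) return 0;
    memcpy(buf, acao, n);
    buf[n] = '\0';
    const char *auth = strstr(buf, "://");          /* reject "origin/path" forms */
    if (!auth || auth[3 + strcspn(auth + 3, "/?#")] != '\0') return 0;

    struct origin granted;
    return parse_origin(buf, &granted) == 0 && same_origin(&granted, us);
}

/* The policy under discussion. top_url is what the user opened, sub_url a
 * resource the top one references (playlist entry, chained demuxer input),
 * acao_header the Access-Control-Allow-Origin the sub_url server returned
 * (NULL if absent). Local top-level files may reference other local files,
 * and remote ones only with "*"; a remote top-level never reads local files. */
static int allow_subresource(const char *top_url, const char *sub_url,
                             const char *acao_header)
{
    struct origin top, sub;
    int top_local = parse_origin(top_url, &top) < 0;
    int sub_local = parse_origin(sub_url, &sub) < 0;

    if (sub_local)
        return top_local;
    if (top_local)
        return acao_allows(acao_header, NULL);
    if (same_origin(&top, &sub))
        return 1;
    return acao_allows(acao_header, &top);
}

int main(void)
{
    /* Constructed inputs modelled on the thread, not real servers. */
    printf("remote video -> loopback, no ACAO:      %d\n",
           allow_subresource("http://trustedfoobar.org/cutevideo.avi", "http://127.0.0.1/", NULL));
    printf("playlist host -> media host, ACAO '*':  %d\n",
           allow_subresource("http://a.files.bbci.co.uk/x.m3u8", "http://media.example.net/seg.ts", "*"));
    printf("local playlist -> loopback, ACAO origin: %d\n",
           allow_subresource("/home/user/list.m3u8", "http://127.0.0.1/", "http://127.0.0.1"));
    return 0;
}
```

The decision order matters: the local-file branches are evaluated before any header is consulted, so a server echoing back an origin it cannot know cannot talk its way into a local playlist's fetches, and a remote file referencing a local path is denied without ever looking at headers.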