This makes sure we don't send the Except: 100-continue header
if no authentication credentials have been provided.
Signed-off-by: Martin Storsjö <martin@martin.st>
Inspired by a patch by Jakob van Bethlehem. But instead of doing
an empty POST first to trigger the WWW-Authenticate header (which
would succeed if no auth actually was required), add an Expect:
100-continue header, which is meant to be used exactly for
cases like this.
The header is added if doing a post, and the user has specified
authentication but we don't know the auth method yet.
Not all common HTTP servers support the Expect: 100-continue header,
though, so we only try to use it when it really is needed. The user
can request it to be added for other POST requests as well via
an option - which would allow the caller to know immediately that
the POST has failed (e.g. if no auth was provided but the server
required it, or if the target URL simply doesn't exist).
This is only done for write mode posts (e.g. posts without pre-set
post_data) - for posts with pre-set data, we can just redo the post
if it failed due to 401.
Signed-off-by: Martin Storsjö <martin@martin.st>
The default is to autodetect the auth method. This does require one
extra request (and also closing and reopening the http connection).
For some cases such as HTTP POST, the autodetection is not handled
properly (yet).
No option is added for digest, since this method requires getting
nonce parameters from the server first and can't be used straight
away like Basic.
Signed-off-by: Martin Storsjö <martin@martin.st>
When passing a dict to the nested protocol, it will consume
the used options from it, so a separate copy needs to be used
when reopening the connection multiple times.
Signed-off-by: Martin Storsjö <martin@martin.st>
Derived from VLC's http module.
Original authors:
Antoine Cellerier <dionoea@videolan.org>
Sébastien Escudier <sebastien-devel@celeos.eu>
Rémi Duraffort <ivoire@videolan.org>
Rémi Denis-Courmont <remi@remlab.net>
Francois Cartegnie <fcvlcdev@free.fr>
Normally, http servers shouldn't send this to us since we
don't advertise it with an Accept-Encoding header, but some
servers still do it anyway.
Signed-off-by: Martin Storsjö <martin@martin.st>
The handling of the environment variable no_proxy, present since
one of the initial commits (de6d9b6404), is inconsistent with
how many other applications and libraries interpret this
variable. Its bare presence does not indicate that the use of
proxies should be skipped, but it is some sort of pattern for
hosts that does not need using a proxy (e.g. for a local network).
As investigated by Rudolf Polzer, different libraries handle this
in different ways, some supporting IP address masks, some supporting
arbitrary globbing using *, some just checking that the pattern matches
the end of the hostname without regard for whether it actually is
the right domain or a domain that ends in the same string.
This simple logic should be pretty similar to the logic used by
lynx and curl.
Signed-off-by: Martin Storsjö <martin@martin.st>
Use the MAX_URL_SIZE define where applicable. Increase buffer
sizes for all buffers that need to fit a long pathname - buffers
that need to fit only the hostname (and other short strings, but
not the pathname - such as "headers" in http_connect) are kept
at 1024 bytes for now.
Also increase the max line length in http_read_header, since it
might need to contain a full url for Location: redirects.
Signed-off-by: Martin Storsjö <martin@martin.st>
This can happen if doing a new request using the same socket,
but the new request failed, which clears the urlcontext.
Signed-off-by: Martin Storsjö <martin@martin.st>
This fixes issues with opening http urls that have authentication
or redirects, introduced in commit e999b641.
Signed-off-by: Martin Storsjö <martin@martin.st>
Introduce ff_http_do_new_request(), a new function which sends a new
HTTP request, reusing the existing connection to the server.
Signed-off-by: Martin Storsjö <martin@martin.st>
Add a new AVOption 'multiple_requests', which indicates if we want
to use persistent connections (ie. Connection: keep-alive).
Signed-off-by: Martin Storsjö <martin@martin.st>
Allow up to 4 retries for normal requests, where both the
proxy and the target server might need to authenticate.
Signed-off-by: Martin Storsjö <martin@martin.st>
This definition is in two files, since the definitions will move
to the private header at the next bump.
Signed-off-by: Martin Storsjö <martin@martin.st>
This string will be passed to ff_http_auth_create_response
even if no proxy is used, resulting in reading uninitialized
memory. The other auth string is always initialized by
av_url_split.
Signed-off-by: Martin Storsjö <martin@martin.st>
The tls protocol handles connections via proxies internally.
With TLS/SSL, the peer verification requires that the client
speaks directly with the server, since the proxy doesn't have
the remote server's private key.
Signed-off-by: Martin Storsjö <martin@martin.st>
This opens a plain TCP connection through the proxy via the
CONNECT HTTP method. Normally, this is allowed for connections
on port 443, but can in general be used to allow connections
to any port (depending on proxy configuration), and could thus
be used to tunnel any TCP connection via a HTTP proxy.
Signed-off-by: Martin Storsjö <martin@martin.st>
Tested with both Basic and Digest authentication, and tested with
both proxy authentication and authentication for the requested
resource at the same time.
Signed-off-by: Martin Storsjö <martin@martin.st>
The error was hidden before, to avoid showing an error on the
first request where no auth has been provided, when the server
indicates which authentication method to use.
Now the error is printed if an authentication method was used,
but failed.
Signed-off-by: Martin Storsjö <martin@martin.st>
The chunksize internal variable has two different uses - for
reading, it's the amount of data left of the current chunk
(or -1 if the server doesn't send data in chunked mode), where
it's only an internal state variable. For writing, it's used
to decide whether to enable chunked encoding (by default), by
using the value 0, or disable chunked encoding (value -1).
This, while consistent, doesn't make much sense to expose
as an AVOption. This splits the usage of the internal variable
into two variables, chunksize which is used for reading (as
before), and chunked_post which is the user-settable option,
with the values 0 and 1, where 1 is default.
Signed-off-by: Martin Storsjö <martin@martin.st>
All current usages of it are incompatible with localization.
For example strcasecmp("i", "I") != 0 is possible, but would
break many of the places where it is used.
Instead use our own implementations that always treat the data
as ASCII.
Signed-off-by: Martin Storsjö <martin@martin.st>
