Bug #6078: tvheadend cookie keys break other services on the same domain. - Tvheadend

Bug #6078

tvheadend cookie keys break other services on the same domain.

Added by Gabor Kovacs over 3 years ago. Updated over 2 years ago.

Status:

Invalid

Priority:

Normal

Assignee:

Category:

User Interface

Target version:

Start date:

2021-08-04

Due date:

% Done:

Estimated time:

Found in version:

HTS Tvheadend 4.3-1974~g6efa41164

Affected Versions:

Description

The slash in the tvheadend cookie keys breaks a few other services running on the same domain.
This is the error message:

400 Bad Request
Illegal key 'ys-api/dvr/entry/grid_upcoming'

Traceback (most recent call last):
File "/app/tautulli/lib/cherrypy/_cprequest.py", line 732, in process_headers
self.cookie.load(value)
File "/usr/lib/python3.8/http/cookies.py", line 529, in load
self.__parse_string(rawdata)
File "/usr/lib/python3.8/http/cookies.py", line 593, in __parse_string
self.__set(key, rval, cval)
File "/usr/lib/python3.8/http/cookies.py", line 485, in __set
M.set(key, real_value, coded_value)
File "/usr/lib/python3.8/http/cookies.py", line 352, in set
raise CookieError('Illegal key %r' % (key,))
http.cookies.CookieError: Illegal key 'ys-api/dvr/entry/grid_upcoming'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/app/tautulli/lib/cherrypy/_cprequest.py", line 630, in respond
self._do_respond(path_info)
File "/app/tautulli/lib/cherrypy/_cprequest.py", line 658, in _do_respond
self.process_headers()
File "/app/tautulli/lib/cherrypy/_cprequest.py", line 734, in process_headers
raise cherrypy.HTTPError(400, str(exc))
cherrypy._cperror.HTTPError: (400, "Illegal key 'ys-api/dvr/entry/grid_upcoming'")

In my situation tvheadend breaks Tautulli, but searching the internet for a solution I've seen a many other examples where the slashes in tvheadend cookie keys break the service.

History

Updated by Flole Systems over 2 years ago

Status changed from New to Invalid

The slash is a valid ASCII character and is not one of the exceptions mentioned in RFC2616, so it is legal to use it. If other software is buggy then you should submit an issue report to the maintainers of it.

Updated by Dave H over 2 years ago

I'm getting an error from this cookie too. But a different error:

"Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit."

I confess I don't understand why the browser is sending a cookie set by TVH to localhost:9981 is being sent in a request to another completely different service on localhost:80 Is there a dummy's guide to how these things work that explains why? And ideally whether there is any way to stop it.

Updated by saen acro over 2 years ago

CTRL+F5
or clean cookies

Also available in: Atom PDF

Project

General

Profile

Tvheadend

Issues