[vlc-devel] [PATCH] This patch adds an --http-add-head-string (additional header string) option to vlc

Rémi Denis-Courmont remi at remlab.net
Mon Aug 2 10:51:50 CEST 2010

On Mon, 02 Aug 2010 09:38:38 +0200, Maximilian Podany <m.podany at art-est.at>
> On Mon, 2010-08-02 at 09:15 +0200, Rémi Denis-Courmont wrote:
>> On Sun, 01 Aug 2010 20:57:04 +0200, Maximilian Podany <m.podany at art-est.at> wrote:
>> > You could use it to add an arbitrary string to the
>> > HTTP-GET-request-header. For example a referer string like "Referer:
>> > http://www.example.com".
>> If you really want to fix that, you need to get the referer from the
>> browser (I don't know how that's done), and pass it. I am not convinced
>> that yet another obscure command line option solves the problem.
>> >  I noticed that if I use a vlc-firefox-plugin to play divx-streams it
>> > doesn't work on some servers.
>> >  After some research (wireshark and telnet ;-) I noticed that the
>> > divx-webplayer sends a referer string in the HTTP-GET-request-header
>> > and without the referer the server responds with "Moved Permanently".
>> >  So with this option you could use vlc to spoof a divx-webplayer (with
>> > user-agent changes).
>> >  But because you can define the whole header-line with this option, you
>> > could add every string you like.
>> Anything you like strikes me as a particularly bad idea. You can break the
>> HTTP protocol in so many ways. If you want to pass a referer, then pass a
>> referer, not an arbitrary string.
> Ok. Then what do you think about an --http-referer option?

If it is _validated_ properly, then it might work from the security point
of view. However...

> Would it also be "another obscure command line option" ?

It comes down to, how do you expect the user to make use of this? This
might work for you and a few power users who care to ask on our IRC
channel. But it won't solve the problem for the outstanding majority. I am
not a GNOME integrist, but I think VLC has too many configuration switches
rather than too few.

> I also don't know how to get the referer from the browser,

Neither do I, I'm afraid. 

> but if vlc has a referer option it can't be very difficult.

If you find out how to extract the referer from the browser, it would be
easy, sure.

Rémi Denis-Courmont
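
Added example, not part of the thread and not VLC code: a sketch of what validating a user-supplied referer could look like before it goes into the request header, so that an option value cannot carry CR/LF or a second header line. The names referer_is_valid, referer_header_line and REFERER_MAX are hypothetical; the fragment and userinfo checks follow the HTTP rule that a Referer must not contain either.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define REFERER_MAX 2048 /* assumed length cap, not a VLC constant */

/* Return 1 if value is acceptable as a Referer field value, else 0. */
static int referer_is_valid(const char *value)
{
    size_t skip, len, i, auth_len;

    if (value == NULL)
        return 0;
    if (strncasecmp(value, "http://", 7) == 0)
        skip = 7;
    else if (strncasecmp(value, "https://", 8) == 0)
        skip = 8;
    else
        return 0; /* not an absolute http(s) URL, e.g. a whole header line */

    len = strlen(value);
    if (len > REFERER_MAX)
        return 0;
    /* Visible ASCII only: rejects CR/LF, space, tab and 8-bit bytes. */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)value[i];
        if (c < 0x21 || c > 0x7e || c == '#') /* '#': no fragment */
            return 0;
    }
    /* Authority ends at the first '/' or '?': non-empty, no userinfo. */
    auth_len = strcspn(value + skip, "/?");
    if (auth_len == 0 || memchr(value + skip, '@', auth_len) != NULL)
        return 0;
    return 1;
}

/* Write "Referer: <value>\r\n" to out; return its length, -1 if rejected. */
static int referer_header_line(char *out, size_t cap, const char *value)
{
    int n;

    if (!referer_is_valid(value))
        return -1;
    n = snprintf(out, cap, "Referer: %s\r\n", value);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    char line[128]; /* constructed sample input below */
    int n = referer_header_line(line, sizeof line, "http://www.example.com");
    return n > 0 ? 0 : 1;
}
```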
