Configuring signed cookies for https hvs hvs with php SDK

I configure the HLS streaming service through the cloud and implement several security measures to protect the content. I have successfully done this with http: I can broadcast the video and watch it on my website with a lot of protection measures to protect the content. For more information on how I managed to get it to work on http, you can consult a post I made on drupal.org about the safe HLS stream.

But now I need to add https to the formula, because some encryption keys are transferred for the encrypted HLS segments, but I'm having problems. Now I am working on adding https to the formula. I added the certificate to my site and I added another certificate to CloudFront because my certificate is not a wildcard.

My site certificate works for subdomain.mydomain.com

My cloud certificate is for *.mydomain.com

My cloud distribution has cname cdn.mydomain.com

When I create a cookie, I set the secure parameter to true in the call (6th parameter after the domain):

    setcookie($name, $value, strtotime('+1 hour'), "/", ".mydomain.com", true, true);

But when I try to access some test data on my site:

    if (readfile('https://cdn.mydomain.com/privacy_test.txt')==0) print "Error in cdn access";

I do not see the contents of the file on my website, but an error message.

So it seems to me that I need more things to make a cookie with aws signed clouds under https. Any help?

1 answer

Just setting the $secure parameter of setcookie() does not create a signed cookie. The process of creating a signed cookie is a bit more complicated. First, review the use of signed cookies, in particular the Canned and Custom policy sections. You will need to familiarize yourself with creating a policy, base64-encoding that policy and creating a signature from an encoded policy.

Using the code examples described here, I then use the following code in several of my applications to set cookies:

    // Class methods: getCustomPolicy(), url_safe_base64_encode(), getSignature(),
    // self::$keyPair and Config are defined elsewhere and are not shown here.
    public static function getCustomSignedCookies()
    {
        // Parent domain of the current host, with a leading dot
        $domain = '.' . explode('.', apache_request_headers()['Host'], 2)[1];

        $dt = new DateTime();
        $dt->add(new DateInterval('P1Y')); // 1 year
        $expires = $dt->getTimestamp();

        $url = Config::get('cloudfront_url') . '/*';
        $policy = self::getCustomPolicy($url, $expires);
        $encodedPolicy = self::url_safe_base64_encode($policy);
        $signature = self::getSignature($policy);

        $cookies = [
            [
                'name'     => 'CloudFront-Policy',
                'value'    => $encodedPolicy,
                'expires'  => $expires,
                'path'     => '/',
                'domain'   => $domain,
                'secure'   => true,
                'httpOnly' => true
            ],
            [
                'name'     => 'CloudFront-Signature',
                'value'    => $signature,
                'expires'  => $expires,
                'path'     => '/',
                'domain'   => $domain,
                'secure'   => true,
                'httpOnly' => true
            ],
            [
                'name'     => 'CloudFront-Key-Pair-Id',
                'value'    => self::$keyPair,
                'expires'  => $expires,
                'path'     => '/',
                'domain'   => $domain,
                'secure'   => true,
                'httpOnly' => true
            ]
        ];

        return $cookies;
    }

    public static function setCloudFrontCookies()
    {
        ob_start();
        foreach (self::getCustomSignedCookies() as $cookie) {
            setcookie(
                $cookie['name'],
                $cookie['value'],
                $cookie['expires'],
                $cookie['path'],
                $cookie['domain'],
                $cookie['secure'],
                $cookie['httpOnly']
            );
        }
        ob_end_flush();
    }
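The answer's code calls `getCustomPolicy()`, `url_safe_base64_encode()` and `getSignature()` without showing them; the sketch below is an added example of what those three steps (policy, encoding, signature) can look like, not the answerer's own code. The function bodies, the throwaway key pair, the one-hour expiry and the key pair ID placeholder are assumptions.

```php
<?php
// Added example: helper names follow the answer's calls; the bodies are assumptions.

function url_safe_base64_encode(string $value): string
{
    // CloudFront's cookie-safe alphabet: '+' => '-', '=' => '_', '/' => '~'
    return strtr(base64_encode($value), '+=/', '-_~');
}

function getCustomPolicy(string $resource, int $expires): string
{
    // Compact JSON with no whitespace; slashes stay unescaped
    return json_encode([
        'Statement' => [[
            'Resource'  => $resource,
            'Condition' => ['DateLessThan' => ['AWS:EpochTime' => $expires]],
        ]],
    ], JSON_UNESCAPED_SLASHES);
}

function getSignature(string $policy, $privateKey): string
{
    // RSA-SHA1 over the raw policy JSON, not over its base64 form
    if (!openssl_sign($policy, $signature, $privateKey, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
    }
    return url_safe_base64_encode($signature);
}

// Constructed inputs: throwaway key pair generated on the spot, placeholder key pair ID
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($key === false) {
    throw new RuntimeException('could not generate a test key');
}
$expires = time() + 3600; // short lifetime limits the value of a leaked cookie
$policy  = getCustomPolicy('https://cdn.mydomain.com/*', $expires);
$sig     = getSignature($policy, $key);

// Self-check: undo the URL-safe encoding and verify with the public half of the key
$raw = base64_decode(strtr($sig, '-_~', '+=/'));
$pub = openssl_pkey_get_details($key)['key'];
echo openssl_verify($policy, $raw, $pub, OPENSSL_ALGO_SHA1) === 1 ? "signature ok\n" : "signature BAD\n";

// In a web request each pair would go through setcookie(..., '/', '.mydomain.com', true, true)
foreach ([
    'CloudFront-Policy'      => url_safe_base64_encode($policy),
    'CloudFront-Signature'   => $sig,
    'CloudFront-Key-Pair-Id' => 'KEYPAIRID-PLACEHOLDER',
] as $name => $value) {
    printf("%s=%s\n", $name, $value);
}
```

These cookies are stored and sent by the visitor's browser; a server-side fetch such as `readfile()` does not carry them unless they are added to that request explicitly.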

Source: https://habr.com/ru/post/1245371/