From 61769c6f9cda464a179dd6da60aecfd8fce26663 Mon Sep 17 00:00:00 2001 From: Omar Roth Date: Wed, 27 Mar 2019 14:59:53 -0500 Subject: [PATCH] Fix local redirects in /videoplayback --- src/invidious.cr | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/src/invidious.cr b/src/invidious.cr index 0daecfda..d375b6aa 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -4200,6 +4200,11 @@ get "/videoplayback" do |env| fvip = query_params["fvip"]? || "3" mns = query_params["mn"].split(",") + if query_params["region"]? + region = query_params["region"] + query_params.delete("region") + end + if query_params["host"]? && !query_params["host"].empty? host = "https://#{query_params["host"]}" query_params.delete("host") @@ -4216,8 +4221,6 @@ get "/videoplayback" do |env| end end - region = query_params["region"]? - response = HTTP::Client::Response.new(403) 5.times do begin @@ -4240,6 +4243,8 @@ get "/videoplayback" do |env| env.response.headers["Access-Control-Allow-Origin"] = "*" url = url.full_path + url += "&host=#{host.lchop("https://")}" + if region url += "®ion=#{region}" end @@ -4260,6 +4265,20 @@ get "/videoplayback" do |env| env.response.headers[key] = value end + if response.headers["Location"]? + url = URI.parse(response.headers["Location"]) + env.response.headers["Access-Control-Allow-Origin"] = "*" + + url = url.full_path + url += "&host=#{host.lchop("https://")}" + + if region + url += "®ion=#{region}" + end + + next env.redirect url + end + if title = query_params["title"]? # https://blog.fastmail.com/2011/06/24/download-non-english-filenames/ env.response.headers["Content-Disposition"] = "attachment; filename=\"#{URI.escape(title)}\"; filename*=UTF-8''#{URI.escape(title)}"