From f237fd984762204058ccfa248ea5c85c86413c2e Mon Sep 17 00:00:00 2001 From: Omar Roth Date: Sun, 19 May 2019 07:12:45 -0500 Subject: [PATCH] Fix CORS headers for proxied assets --- src/invidious.cr | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/src/invidious.cr b/src/invidious.cr index f8335394..c3153d6b 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -5063,13 +5063,16 @@ get "/videoplayback" do |env| env.response.status_code = response.status_code response.headers.each do |key, value| - env.response.headers[key] = value + if !{"Access-Control-Allow-Origin", "Alt-Svc"}.includes? key + env.response.headers[key] = value + end end + env.response.headers["Access-Control-Allow-Origin"] = "*" + if response.headers["Location"]? url = URI.parse(response.headers["Location"]) host = url.host - env.response.headers["Access-Control-Allow-Origin"] = "*" url = url.full_path url += "&host=#{host}" @@ -5086,8 +5089,6 @@ get "/videoplayback" do |env| env.response.headers["Content-Disposition"] = "attachment; filename=\"#{URI.escape(title)}\"; filename*=UTF-8''#{URI.escape(title)}" end - env.response.headers["Access-Control-Allow-Origin"] = "*" - proxy_file(response, env) end end @@ -5109,15 +5110,18 @@ get "/ggpht/*" do |env| end client.get(url, headers) do |response| - env.response.status_code = response.status_code response.headers.each do |key, value| - env.response.headers[key] = value + if !{"Access-Control-Allow-Origin", "Alt-Svc"}.includes? key + env.response.headers[key] = value + end end if response.status_code == 304 break end + env.response.headers["Access-Control-Allow-Origin"] = "*" + proxy_file(response, env) end end @@ -5153,13 +5157,17 @@ get "/sb/:id/:storyboard/:index" do |env| client.get(url, headers) do |response| env.response.status_code = response.status_code response.headers.each do |key, value| - env.response.headers[key] = value + if !{"Access-Control-Allow-Origin", "Alt-Svc"}.includes? key + env.response.headers[key] = value + end end if response.status_code >= 400 break end + env.response.headers["Access-Control-Allow-Origin"] = "*" + proxy_file(response, env) end end @@ -5191,13 +5199,17 @@ get "/vi/:id/:name" do |env| client.get(url, headers) do |response| env.response.status_code = response.status_code response.headers.each do |key, value| - env.response.headers[key] = value + if !{"Access-Control-Allow-Origin", "Alt-Svc"}.includes? key + env.response.headers[key] = value + end end if response.status_code == 304 break end + env.response.headers["Access-Control-Allow-Origin"] = "*" + proxy_file(response, env) end end