Git-Mirrors/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-04-06 21:13:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge 5890768c31bd5d26a09ccec000d8cd31f09b6ca1 into 0c07e9d27ac773d8423143c11bbcd36eaae0f8e4

Browse Source
This commit is contained in:
lekma 2025-04-06 11:43:20 +10:00 committed by GitHub
commit 02f2a9cc23
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/invidious/routes/api/v1/authenticated.cr
View File

@ -398,7 +398,8 @@ module Invidious::Routes::API::V1::Authenticated
user = env.get("user").as(User)
locale = env.get("preferences").as(Preferences).locale
case env.request.headers["Content-Type"]?
content_type = env.request.headers["Content-Type"]?
case content_type
when "application/x-www-form-urlencoded"
scopes = env.params.body.select { |k, _| k.match(/^scopes\[\d+\]$/) }.map { |_, v| v }
callback_url = env.params.body["callbackUrl"]?
@ -419,11 +420,16 @@ module Invidious::Routes::API::V1::Authenticated
callback_url = URI.parse(callback_url)
end
if sid = env.get?("sid").try &.as(String)
env.response.content_type = "text/html"
if content_type != "application/json"
if sid = env.get?("sid").try &.as(String)
env.response.content_type = "text/html"
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, use_nonce: true)
return templated "user/authorize_token"
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, use_nonce: true)
return templated "user/authorize_token"
else
# is it enough?
env.response.status_code = 403
end
else
env.response.content_type = "application/json"