From b4b0a8ab7553a1022ee80c433d77bc42e9a9d0d6 Mon Sep 17 00:00:00 2001
From: Fijxu
Date: Mon, 31 Mar 2025 23:18:51 -0300
Subject: [PATCH] remove cookie restrictions

Having to check if the cookie is inside a list of allowed domains on invidious doesn't seem really useful because a reverse proxy like NGINX and HAProxy will only send the client request to Invidious if the Host header that the client sent to the server, matches with the `hdr(host)` (haproxy) or `server_name` (nginx) set by the server configuration.
---
 src/invidious/routes/login.cr | 16 ++--------------
 src/invidious/routes/preferences.cr | 18 +++---------------
 2 files changed, 5 insertions(+), 29 deletions(-)
diff --git a/src/invidious/routes/login.cr b/src/invidious/routes/login.cr
index 0e62f579..197ff408 100644
--- a/src/invidious/routes/login.cr
+++ b/src/invidious/routes/login.cr
@@ -60,13 +60,7 @@ module Invidious::Routes::Login
 sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
 Invidious::Database::SessionIDs.insert(sid, email)
- # Checks if there is any alternative domain, like a second domain name,
- # TOR or I2P address
- if alt = CONFIG.alternative_domains.index(env.request.headers["Host"])
- env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.alternative_domains[alt], sid)
- else
- env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
- end
+ env.response.cookies["SID"] = Invidious::User::Cookies.sid(env.request.headers["Host"], sid)
 else
 return error_template(401, "Wrong username or password")
 end
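Review bot: The domain argument passed to `Cookies.sid` is now the raw `Host` request header, so a value carrying a port (`host:3000`) or an upstream name the proxy did not rewrite goes straight into the session cookie, where the old code fell back to `CONFIG.domain` for anything outside `alternative_domains`. Assuming that argument becomes the cookie's Domain attribute (the helper is not in the diff), browsers would likely discard such a SID cookie and login would silently fail on those deployments. The commit message's premise also holds only when the proxy has no catch-all or default virtual host and Invidious is never reached directly; otherwise the value is whatever the client sent. A narrower change keeps a trusted fallback and drops the port, e.g. `env.response.cookies["SID"] = Invidious::User::Cookies.sid(env.request.hostname || CONFIG.domain, sid)`. The same applies to the second login.cr hunk and to both `Cookies.prefs` calls in preferences.cr.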
@@ -169,13 +163,7 @@ module Invidious::Routes::Login
 view_name = "subscriptions_#{sha256(user.email)}"
 PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}")
- # Checks if there is any alternative domain, like a second domain name,
- # TOR or I2P address
- if alt = CONFIG.alternative_domains.index(env.request.headers["Host"])
- env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.alternative_domains[alt], sid)
- else
- env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
- end
+ env.response.cookies["SID"] = Invidious::User::Cookies.sid(env.request.headers["Host"], sid)
 if env.request.cookies["PREFS"]?
 user.preferences = env.get("preferences").as(Preferences)
diff --git a/src/invidious/routes/preferences.cr b/src/invidious/routes/preferences.cr
index 27b1c2a5..329ddabb 100644
--- a/src/invidious/routes/preferences.cr
+++ b/src/invidious/routes/preferences.cr
@@ -223,14 +223,8 @@ module Invidious::Routes::PreferencesRoute
 File.write("config/config.yml", CONFIG.to_yaml)
 end
- else
- # Checks if there is any alternative domain, like a second domain name,
- # TOR or I2P address
- if alt = CONFIG.alternative_domains.index(env.request.headers["Host"])
- env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.alternative_domains[alt], preferences)
- else
- env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences)
- end
+
+ env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(env.request.headers["Host"], preferences)
 end
 env.redirect referer
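Review bot: Deleting the `else` line in the `@@ -223,14 +223,8 @@` hunk of preferences.cr moves the PREFS assignment into the branch that used to end at that `else`, the one containing the `File.write("config/config.yml", CONFIG.to_yaml)` block, and leaves the former else-path without any PREFS cookie. The enclosing conditional starts outside the hunk, but if it is the logged-in-user check, visitors without an account would no longer have their preferences persisted, while logged-in users would start receiving a cookie they did not get before. If only the domain lookup was meant to change, keep the branch: `else` followed by `env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(env.request.headers["Host"], preferences)`.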
@@ -265,13 +259,7 @@ module Invidious::Routes::PreferencesRoute
 preferences.dark_mode = "dark"
 end
- # Checks if there is any alternative domain, like a second domain name,
- # TOR or I2P address
- if alt = CONFIG.alternative_domains.index(env.request.headers["Host"])
- env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.alternative_domains[alt], preferences)
- else
- env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences)
- end
+ env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(env.request.headers["Host"], preferences)
 end
 if redirect