Commit Graph

1547 Commits

Author SHA1 Message Date
Omar Roth
92798abb5d Add manifest-src to CSP 2020-03-19 13:41:08 -05:00
Omar Roth
59a15ceef6
Remove VarInt class 2020-03-15 17:47:16 -04:00
Omar Roth
4011a113cc
Strip invalid characters from referer URLs 2020-03-15 17:47:16 -04:00
leonklingele
70cbe91776
Migrate to a good Content Security Policy (#1023)
So attacks such as XSS (see [0]) will no longer be of an issue.

[0]: https://github.com/omarroth/invidious/issues/1022
2020-03-15 16:46:08 -05:00
Omar Roth
f92027c44b
Escape 'sort_by' 2020-03-10 11:25:32 -04:00
Omar Roth
1443335315
Switch textcaptcha to HTTPS 2020-03-10 11:12:11 -04:00
Omar Roth
bb72672dd9
Replace static asset requests with QUIC 2020-03-06 13:53:35 -05:00
Omar Roth
d96dee3aa6
Add debug info to videoplayback 2020-03-06 13:50:00 -05:00
Omar Roth
bd0aaa343b
Prevent storyboards from hanging 2020-03-05 13:49:06 -05:00
Omar Roth
a117d87f33
Skip validation checks for videoplayback, ggpht 2020-03-04 13:06:17 -05:00
Omar Roth
9dc4f8a1aa
Escape item titles in search page 2020-03-04 13:03:14 -05:00
leonklingele
0d536d11e3
Verify token signature in constant time, Run cheap checks first in token validation process (#1032)
* Verify token signature in constant time

To prevent timing side channel attacks

* Run cheap checks first in token validation process

Expensive checks such as the nonce lookup on the database or the
signature check can be run after cheap/fast checks.
2020-03-02 10:04:36 -06:00
Omar Roth
e21f770485
Fix status check for channel page 2020-02-28 15:57:45 -05:00
Omar Roth
697c00dccf
Sanitize PLID 2020-02-28 14:10:01 -05:00
Omar Roth
1caf6a3298
Fix deadlock when updating notifications 2020-02-28 13:13:48 -05:00
Omar Roth
02fd02d482
Remove DB array concatenation 2020-02-28 12:14:29 -05:00
Pedro Lucas Porcellis
239fb0db94
Remove duplicated Github logo on footer (#986)
* Remove duplicated Github logo on footer
2020-02-20 18:50:54 -05:00
Omar Roth
43da06a354
Remove temp fix for crystal/crystal-lang#7383 2020-02-20 18:30:46 -05:00
Omar Roth
fea6b67067
Remove 'type' attribute from community embed 2020-02-20 18:30:46 -05:00
Leon Klingele
bc9dc3bf1e
Update code formatting for Crystal 0.33.0
Crystal 0.33.0 introduced some changes to to the code formatter.
Run "crystal tool format" so CI doesn't fail anymore.
2020-02-15 19:52:28 +01:00
Leon Klingele
e3c10d779d
Add support to read config from environment variable
Try to read app config from the "INVIDIOUS_CONFIG" environment variable.
If the variable is undefined, read config from config.yml file as before.

Required by https://github.com/omarroth/invidious/pull/1015 et al.
2020-02-04 15:53:46 +01:00
Omar Roth
9841f74adc
Add handling for comments with no content 2020-02-01 12:14:37 -05:00
Omar Roth
b56e493d92
Remove frameborder from community embeds 2020-02-01 11:23:12 -05:00
Omar Roth
a2c5211b20
Check /browse_ajax for channel blocks 2020-02-01 11:23:12 -05:00
Omar Roth
648cc0f006
Refactor signature extraction 2020-01-24 17:02:28 -05:00
Omar Roth
7baced75e5
Fix channel redirect 2020-01-14 08:21:17 -05:00
Omar Roth
7b88d0efe3
Minor refactor 2020-01-08 20:27:21 -05:00
Omar Roth
4aada65dae
Fix channel playlists for genre channels 2020-01-08 20:26:47 -05:00
Omar Roth
88a538e71b
Minor refactor for channel playlists 2019-12-05 15:47:35 -05:00
Omar Roth
513363504f
Add better error message for fetch_channel 2019-12-05 15:46:21 -05:00
Omar Roth
0e844edacb
Add support for pt-BR 2019-12-05 15:26:35 -05:00
Omar Roth
1499ce43bf
Add support for Romanian locale 2019-12-03 19:41:58 -05:00
Omar Roth
823603650f
Add support for /sorry/index CAPTCHA 2019-12-03 19:14:11 -05:00
Omar Roth
062867a38d
Strip domain from caption URLs 2019-12-01 17:52:39 -05:00
Omar Roth
04d56420d1 Run 'crystal tool format' 2019-11-28 08:20:44 -06:00
Omar Roth
a017574f74 Add support for force_resolve to QUIC client 2019-11-28 08:19:28 -06:00
Omar Roth
0e3a48ff76
Update QUICPool 2019-11-24 13:41:47 -05:00
Omar Roth
276bf09238
Skip preferences for assets 2019-11-20 12:04:53 -05:00
Omar Roth
d46b26e3bc
Use QUIC for connections to YouTube 2019-11-18 17:28:32 -05:00
Omar Roth
236c172c6f
Merge pull request #896 from sh4dowb/master
Fixed double quotes in meta description
2019-11-14 10:38:38 -05:00
Omar Roth
c07cd3a856
Fix typo in playlist url 2019-11-14 10:11:33 -05:00
sh4dowb
79da61782b
Fixed double quotes in meta description 2019-11-11 19:00:23 +03:00
Omar Roth
8af87f1a8b
Fix updating of cookies 2019-11-10 10:02:02 -05:00
Omar Roth
494c954cbb
Add etag to /api/v1/annotations 2019-11-09 22:05:17 -05:00
Omar Roth
71bc9eea28
Add support for Anti-Captcha 2019-11-09 14:22:39 -05:00
Omar Roth
e3b2bcfd06
Fix ID for search duration 2019-11-08 09:29:33 -05:00
Omar Roth
142d974641
Use force_resolve for search suggestions 2019-11-07 12:25:34 -05:00
Omar Roth
0e1d6aa85c
Update error messages for video extractor 2019-11-05 19:39:11 -05:00
Omar Roth
bcdb8cd770
Fix default fo dark_mode 2019-11-04 17:08:13 -05:00
Omar Roth
7b2ca55089
Fix escaping in email query 2019-11-04 12:26:05 -05:00