Omar Roth
92798abb5d
Add manifest-src to CSP
2020-03-19 13:41:08 -05:00
Omar Roth
59a15ceef6
Remove VarInt class
2020-03-15 17:47:16 -04:00
Omar Roth
4011a113cc
Strip invalid characters from referer URLs
2020-03-15 17:47:16 -04:00
leonklingele
70cbe91776
Migrate to a good Content Security Policy ( #1023 )
...
So attacks such as XSS (see [0]) will no longer be of an issue.
[0]: https://github.com/omarroth/invidious/issues/1022
2020-03-15 16:46:08 -05:00
Omar Roth
f92027c44b
Escape 'sort_by'
2020-03-10 11:25:32 -04:00
Omar Roth
1443335315
Switch textcaptcha to HTTPS
2020-03-10 11:12:11 -04:00
Omar Roth
bb72672dd9
Replace static asset requests with QUIC
2020-03-06 13:53:35 -05:00
Omar Roth
d96dee3aa6
Add debug info to videoplayback
2020-03-06 13:50:00 -05:00
Omar Roth
bd0aaa343b
Prevent storyboards from hanging
2020-03-05 13:49:06 -05:00
Omar Roth
a117d87f33
Skip validation checks for videoplayback, ggpht
2020-03-04 13:06:17 -05:00
Omar Roth
9dc4f8a1aa
Escape item titles in search page
2020-03-04 13:03:14 -05:00
leonklingele
0d536d11e3
Verify token signature in constant time, Run cheap checks first in token validation process ( #1032 )
...
* Verify token signature in constant time
To prevent timing side channel attacks
* Run cheap checks first in token validation process
Expensive checks such as the nonce lookup on the database or the
signature check can be run after cheap/fast checks.
2020-03-02 10:04:36 -06:00
Omar Roth
e21f770485
Fix status check for channel page
2020-02-28 15:57:45 -05:00
Omar Roth
697c00dccf
Sanitize PLID
2020-02-28 14:10:01 -05:00
Omar Roth
1caf6a3298
Fix deadlock when updating notifications
2020-02-28 13:13:48 -05:00
Omar Roth
02fd02d482
Remove DB array concatenation
2020-02-28 12:14:29 -05:00
Pedro Lucas Porcellis
239fb0db94
Remove duplicated Github logo on footer ( #986 )
...
* Remove duplicated Github logo on footer
2020-02-20 18:50:54 -05:00
Omar Roth
43da06a354
Remove temp fix for crystal/crystal-lang#7383
2020-02-20 18:30:46 -05:00
Omar Roth
fea6b67067
Remove 'type' attribute from community embed
2020-02-20 18:30:46 -05:00
Leon Klingele
bc9dc3bf1e
Update code formatting for Crystal 0.33.0
...
Crystal 0.33.0 introduced some changes to to the code formatter.
Run "crystal tool format" so CI doesn't fail anymore.
2020-02-15 19:52:28 +01:00
Leon Klingele
e3c10d779d
Add support to read config from environment variable
...
Try to read app config from the "INVIDIOUS_CONFIG" environment variable.
If the variable is undefined, read config from config.yml file as before.
Required by https://github.com/omarroth/invidious/pull/1015 et al.
2020-02-04 15:53:46 +01:00
Omar Roth
9841f74adc
Add handling for comments with no content
2020-02-01 12:14:37 -05:00
Omar Roth
b56e493d92
Remove frameborder from community embeds
2020-02-01 11:23:12 -05:00
Omar Roth
a2c5211b20
Check /browse_ajax for channel blocks
2020-02-01 11:23:12 -05:00
Omar Roth
648cc0f006
Refactor signature extraction
2020-01-24 17:02:28 -05:00
Omar Roth
7baced75e5
Fix channel redirect
2020-01-14 08:21:17 -05:00
Omar Roth
7b88d0efe3
Minor refactor
2020-01-08 20:27:21 -05:00
Omar Roth
4aada65dae
Fix channel playlists for genre channels
2020-01-08 20:26:47 -05:00
Omar Roth
88a538e71b
Minor refactor for channel playlists
2019-12-05 15:47:35 -05:00
Omar Roth
513363504f
Add better error message for fetch_channel
2019-12-05 15:46:21 -05:00
Omar Roth
0e844edacb
Add support for pt-BR
2019-12-05 15:26:35 -05:00
Omar Roth
1499ce43bf
Add support for Romanian locale
2019-12-03 19:41:58 -05:00
Omar Roth
823603650f
Add support for /sorry/index CAPTCHA
2019-12-03 19:14:11 -05:00
Omar Roth
062867a38d
Strip domain from caption URLs
2019-12-01 17:52:39 -05:00
Omar Roth
04d56420d1
Run 'crystal tool format'
2019-11-28 08:20:44 -06:00
Omar Roth
a017574f74
Add support for force_resolve to QUIC client
2019-11-28 08:19:28 -06:00
Omar Roth
0e3a48ff76
Update QUICPool
2019-11-24 13:41:47 -05:00
Omar Roth
276bf09238
Skip preferences for assets
2019-11-20 12:04:53 -05:00
Omar Roth
d46b26e3bc
Use QUIC for connections to YouTube
2019-11-18 17:28:32 -05:00
Omar Roth
236c172c6f
Merge pull request #896 from sh4dowb/master
...
Fixed double quotes in meta description
2019-11-14 10:38:38 -05:00
Omar Roth
c07cd3a856
Fix typo in playlist url
2019-11-14 10:11:33 -05:00
sh4dowb
79da61782b
Fixed double quotes in meta description
2019-11-11 19:00:23 +03:00
Omar Roth
8af87f1a8b
Fix updating of cookies
2019-11-10 10:02:02 -05:00
Omar Roth
494c954cbb
Add etag to /api/v1/annotations
2019-11-09 22:05:17 -05:00
Omar Roth
71bc9eea28
Add support for Anti-Captcha
2019-11-09 14:22:39 -05:00
Omar Roth
e3b2bcfd06
Fix ID for search duration
2019-11-08 09:29:33 -05:00
Omar Roth
142d974641
Use force_resolve for search suggestions
2019-11-07 12:25:34 -05:00
Omar Roth
0e1d6aa85c
Update error messages for video extractor
2019-11-05 19:39:11 -05:00
Omar Roth
bcdb8cd770
Fix default fo dark_mode
2019-11-04 17:08:13 -05:00
Omar Roth
7b2ca55089
Fix escaping in email query
2019-11-04 12:26:05 -05:00