Use “www.youtube.com” consistently (#5768)

Saves an unnecessary redirect by using `www.youtube.com` on some parts of Invidious where `youtube.com` was used instead. youtube.com will redirect to www.youtube.com anyways.

Co-authored-by: janmoesen <@>

.github/workflows/build-nightly-container.yml

@@ -86,7 +86,7 @@ jobs:
 
       # https://github.com/marketplace/actions/docker-manifest-create-action
       - name: Create and push manifest
-        uses: int128/docker-manifest-create-action@v2.21.0
+        uses: int128/docker-manifest-create-action@v2.22.0
         with:
           push: true
           tags: quay.io/invidious/invidious:master

.github/workflows/build-stable-container.yml

@@ -78,7 +78,7 @@ jobs:
 
       # https://github.com/marketplace/actions/docker-manifest-create-action
       - name: Create and push manifest
-        uses: int128/docker-manifest-create-action@v2.21.0
+        uses: int128/docker-manifest-create-action@v2.22.0
         with:
           push: true
           tags: quay.io/invidious/invidious:latest

config/config.example.yml

@@ -151,6 +151,26 @@ db:
 ##
 domain:
 
+##
+## List of alternative domains where the invidious instance is being served.
+## This needs to be set in order to be able to login and update user preferences
+## when using a domain that is not the same as the `domain` configuration,
+## like a .`onion` address, `.i2p` address, `.b32.i2p` address, etc.
+##
+## It will detect the alternative domain trough the `X-Forwarded-Host` header.
+## https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Host
+##
+## Accepted values: a list of fully qualified domain names (FQDN)
+## Default: <none>
+##
+## Example:
+## alternative_domains:
+##   - invidious.example.com
+##   - inv.example.com
+##   - videos.example.com
+##
+alternative_domains:
+
 ##
 ## Tell Invidious that it is behind a proxy that provides only
 ## HTTPS, so all links must use the https:// scheme. This

docker/Dockerfile

@@ -2,7 +2,7 @@
 ARG OPENSSL_VERSION='3.6.2'
 ARG OPENSSL_SHA256='aaf51a1fe064384f811daeaeb4ec4dce7340ec8bd893027eee676af31e83a04f'
 
-FROM crystallang/crystal:1.20.2-alpine AS dependabot-crystal
+FROM 84codes/crystal:1.20.2-alpine AS dependabot-crystal
 
 # We compile openssl ourselves due to a memory leak in how crystal interacts
 # with openssl

src/invidious/config.cr

@@ -121,6 +121,8 @@ class Config
   property hmac_key : String = ""
   # Domain to be used for links to resources on the site where an absolute URL is required
   property domain : String?
+  # Additional domain list that is going to be used for cookie domain validation
+  property alternative_domains : Array(String) = [] of String
   # Subscribe to channels using PubSubHubbub (requires domain, hmac_key)
   property use_pubsub_feeds : Bool | Int32 = false
   property popular_enabled : Bool = true

src/invidious/helpers/errors.cr

@@ -201,7 +201,7 @@ def error_redirect_helper(env : HTTP::Server::Context)
           <a href="/redirect?referer=#{env.get("current_page")}">#{switch_instance}</a>
         </li>
         <li>
-          <a rel="noreferrer noopener" href="https://youtube.com#{env.request.resource}">#{go_to_youtube}</a>
+          <a rel="noreferrer noopener" href="https://www.youtube.com#{env.request.resource}">#{go_to_youtube}</a>
         </li>
       </ul>
     END_HTML

src/invidious/routes/before_all.cr

@@ -32,6 +32,8 @@ module Invidious::Routes::BeforeAll
     env.response.headers["X-XSS-Protection"] = "1; mode=block"
     env.response.headers["X-Content-Type-Options"] = "nosniff"
 
+    env.set "header_x-forwarded-host", env.request.headers["X-Forwarded-Host"]?
+
     # Only allow the pages at /embed/* to be embedded
     if env.request.resource.starts_with?("/embed")
       frame_ancestors = "'self' file: http: https:"

src/invidious/routes/channels.cr

@@ -351,7 +351,7 @@ module Invidious::Routes::Channels
     invidious_url_params.delete_all("user")
 
     begin
-      resolved_url = YoutubeAPI.resolve_url("https://youtube.com#{env.request.path}#{yt_url_params.size > 0 ? "?#{yt_url_params}" : ""}")
+      resolved_url = YoutubeAPI.resolve_url("https://www.youtube.com#{env.request.path}#{yt_url_params.size > 0 ? "?#{yt_url_params}" : ""}")
       ucid = resolved_url["endpoint"]["browseEndpoint"]["browseId"]
     rescue ex : InfoException | KeyError
       return error_template(404, I18n.translate(locale, "This channel does not exist."))

src/invidious/routes/errors.cr

@@ -8,7 +8,7 @@ module Invidious::Routes::ErrorRoutes
     if md = env.request.path.match(/^\/(?<id>([a-zA-Z0-9_-]{11})|(\w+))$/)
       item = md["id"]
 
-      # Check if item is branding URL e.g. https://youtube.com/gaming
+      # Check if item is branding URL e.g. https://www.youtube.com/gaming
       response = YT_POOL.client &.get("/#{item}")
 
       if response.status_code == 301

src/invidious/routes/feeds.cr

@@ -320,7 +320,7 @@ module Invidious::Routes::Feeds
         case attribute.name
         when "url", "href"
           request_target = URI.parse(node[attribute.name]).request_target
-          query_string_opt = request_target.starts_with?("/watch?v=") ? "&#{params}" : ""
+          query_string_opt = request_target.starts_with?("/watch?v=") ? ("&#{params}" if !params.empty?) : ""
           node[attribute.name] = "#{HOST_URL}#{request_target}#{query_string_opt}"
         else nil # Skip
         end

src/invidious/routes/login.cr

@@ -26,6 +26,7 @@ module Invidious::Routes::Login
 
   def self.login(env)
     locale = env.get("preferences").as(Preferences).locale
+    host = env.get("header_x-forwarded-host")
 
     referer = get_referer(env, "/feed/subscriptions")
 
@@ -57,7 +58,11 @@ module Invidious::Routes::Login
           sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
           Invidious::Database::SessionIDs.insert(sid, email)
 
-          env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
+          if alt = CONFIG.alternative_domains.index(host)
+            env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.alternative_domains[alt], sid)
+          else
+            env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
+          end
         else
           return error_template(401, "Wrong username or password")
         end
@@ -123,7 +128,11 @@ module Invidious::Routes::Login
         view_name = "subscriptions_#{sha256(user.email)}"
         PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}")
 
-        env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
+        if alt = CONFIG.alternative_domains.index(host)
+          env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.alternative_domains[alt], sid)
+        else
+          env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
+        end
 
         if env.request.cookies["PREFS"]?
           user.preferences = env.get("preferences").as(Preferences)

src/invidious/routes/preferences.cr

@@ -231,7 +231,12 @@ module Invidious::Routes::PreferencesRoute
         File.write("config/config.yml", CONFIG.to_yaml)
       end
     else
-      env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences)
+      host = env.get("header_x-forwarded-host")
+      if alt = CONFIG.alternative_domains.index(host)
+        env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.alternative_domains[alt], preferences)
+      else
+        env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences)
+      end
     end
 
     env.redirect referer
@@ -266,7 +271,12 @@ module Invidious::Routes::PreferencesRoute
         preferences.dark_mode = "dark"
       end
 
-      env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences)
+      host = env.get("header_x-forwarded-host")
+      if alt = CONFIG.alternative_domains.index(host)
+        env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.alternative_domains[alt], preferences)
+      else
+        env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences)
+      end
     end
 
     if redirect

src/invidious/user/cookies.cr

@@ -6,17 +6,24 @@ struct Invidious::User
 
     # Note: we use ternary operator because the two variables
     # used in here are not booleans.
-    SECURE = (Kemal.config.ssl || CONFIG.https_only) ? true : false
+    @@secure = (Kemal.config.ssl || CONFIG.https_only) ? true : false
 
     # Session ID (SID) cookie
     # Parameter "domain" comes from the global config
     def sid(domain : String?, sid) : HTTP::Cookie
+      # Not secure if it's being accessed from I2P
+      # Browsers expect the domain to include https. On I2P there is no HTTPS
+      # Tor browser works fine with secure being true
+      if (domain.try &.split(".").last == "i2p") && @@secure
+        @@secure = false
+      end
+
       return HTTP::Cookie.new(
         name: "SID",
         domain: domain,
         value: sid,
         expires: Time.utc + 2.years,
-        secure: SECURE,
+        secure: @@secure,
         http_only: true,
         samesite: HTTP::Cookie::SameSite::Lax
       )
@@ -25,12 +32,19 @@ struct Invidious::User
     # Preferences (PREFS) cookie
     # Parameter "domain" comes from the global config
     def prefs(domain : String?, preferences : Preferences) : HTTP::Cookie
+      # Not secure if it's being accessed from I2P
+      # Browsers expect the domain to include https. On I2P there is no HTTPS
+      # Tor browser works fine with secure being true
+      if (domain.try &.split(".").last == "i2p") && @@secure
+        @@secure = false
+      end
+
       return HTTP::Cookie.new(
         name: "PREFS",
         domain: domain,
         value: URI.encode_www_form(preferences.to_json),
         expires: Time.utc + 2.years,
-        secure: SECURE,
+        secure: @@secure,
         http_only: false,
         samesite: HTTP::Cookie::SameSite::Lax
       )

src/invidious/yt_backend/youtube_api.cr

@@ -480,7 +480,7 @@ module YoutubeAPI
   #
   # ```
   # # Valid channel "brand URL" gives the related UCID and browse ID
-  # channel_a = YoutubeAPI.resolve_url("https://youtube.com/c/google")
+  # channel_a = YoutubeAPI.resolve_url("https://www.youtube.com/c/google")
   # channel_a # => {
   #   "endpoint": {
   #     "browseEndpoint": {
@@ -492,7 +492,7 @@ module YoutubeAPI
   # }
   #
   # # Invalid URL returns throws an InfoException
-  # channel_b = YoutubeAPI.resolve_url("https://youtube.com/c/invalid")
+  # channel_b = YoutubeAPI.resolve_url("https://www.youtube.com/c/invalid")
   # ```
   #
   def resolve_url(url : String, client_config : ClientConfig | Nil = nil)