Upstream/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-03-29 16:16:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge b89117e99e into 70ff463cc6

Browse Source
This commit is contained in:
lekma 2025-03-13 16:50:28 +01:00 committed by GitHub
commit b5188abde1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 5 deletions

16
src/invidious/routes/api/v1/authenticated.cr
View File

@ -398,7 +398,8 @@ module Invidious::Routes::API::V1::Authenticated
user = env.get("user").as(User)
locale = env.get("preferences").as(Preferences).locale
case env.request.headers["Content-Type"]?
content_type = env.request.headers["Content-Type"]?
case content_type
when "application/x-www-form-urlencoded"
scopes = env.params.body.select { |k, _| k.match(/^scopes\[\d+\]$/) }.map { |_, v| v }
callback_url = env.params.body["callbackUrl"]?
@ -419,11 +420,16 @@ module Invidious::Routes::API::V1::Authenticated
callback_url = URI.parse(callback_url)
end
if sid = env.get?("sid").try &.as(String)
env.response.content_type = "text/html"
if content_type != "application/json"
if sid = env.get?("sid").try &.as(String)
env.response.content_type = "text/html"
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, use_nonce: true)
return templated "user/authorize_token"
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, use_nonce: true)
return templated "user/authorize_token"
else
# is it enough?
env.response.status_code = 403
end
else
env.response.content_type = "application/json"