From 2f335b3d2c2805d5de1b0204920c439b87f5646b Mon Sep 17 00:00:00 2001
From: Samantaz Fox <coding@samantaz.fr>
Date: Tue, 22 Feb 2022 18:11:11 +0100
Subject: Use a dedicated endpoind for downloads

This allows us to not pass file name ("title") in the form
data and to enforce some sanity checks
---
 src/invidious.cr | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/invidious.cr')

diff --git a/src/invidious.cr b/src/invidious.cr
index d742cd59..d1c3ac83 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -236,6 +236,7 @@ before_all do |env|
             "/api/manifest/",
             "/videoplayback",
             "/latest_version",
+            "/download",
           }.any? { |r| env.request.resource.starts_with? r }
 
   if env.request.cookies.has_key? "SID"
@@ -348,6 +349,8 @@ end
   Invidious::Routing.get "/e/:id", Invidious::Routes::Watch, :redirect
   Invidious::Routing.get "/redirect", Invidious::Routes::Misc, :cross_instance_redirect
 
+  Invidious::Routing.post "/download", Invidious::Routes::Watch, :download
+
   Invidious::Routing.get "/embed/", Invidious::Routes::Embed, :redirect
   Invidious::Routing.get "/embed/:id", Invidious::Routes::Embed, :show
 
-- 
cgit v1.2.3