Support for encrypted videoplayback requests #29
Comments
|
Done in https://git.nadeko.net/Fijxu/invidious-companion/commit/7eae31613e6d674dc5122a980e0ac6cc2d57ae2b, https://git.nadeko.net/Fijxu/invidious/commit/facd01b52e6b7122fb3413345fef2d5d08b1f377 and https://git.nadeko.net/Fijxu/http3-ytproxy/commit/6bd0f28d779596c2f7439395818db0c46698d5f0 There is only one problem tho. If the user uses unproxied HD720 quality on Invidious, they will be able to get the IP from where the video stream was gathered. I think the only way to prevent that data from leaking out is just to force proxy the videoplayback trough the server. let me know what do you think. |
You could fix that by having latest_version always returning a proxied URL. The issue with the implementation is that this forces the usage of the builtin videoplayback proxy and you can't use other like piped-proxy. But if that is configurable and not by default, why not. Could you create a PR in order to review the change? |
Title. The query parameters that are included on
/videoplaybackrequests contain sensitive data like the IP from where the video was requested and the potoken used for it. It would be ideal to encrypt the query parameters to prevent bad actors from using the requests and to get that type of data.The text was updated successfully, but these errors were encountered: