From 344bc2d8e950748ab0c5f68f4c18d12e45b9c281 Mon Sep 17 00:00:00 2001 From: Fijxu Date: Fri, 16 Jan 2026 19:39:44 -0300 Subject: [PATCH 1/5] Strip unwanted headers from response headers in images and videoplayback (#5595) Image responses contained the following unwanted headers that should not be passed to the clients: ``` "Cross-Origin-Resource-Policy" ["cross-origin"] "Cross-Origin-Opener-Policy-Report-Only" ["same-origin; report-to=\"youtube\""] "Report-To" ["{\"group\":\"youtube\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/youtube\"}]}"] "Timing-Allow-Origin" ["*"] ``` --- src/invidious.cr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/invidious.cr b/src/invidious.cr index a61f91a9..ec518453 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -78,7 +78,7 @@ TEST_IDS = {"AgbeGFYluEA", "BaW_jenozKc", "a9LDPn-MO4I", "ddFvjfvPnqk" MAX_ITEMS_PER_PAGE = 1500 REQUEST_HEADERS_WHITELIST = {"accept", "accept-encoding", "cache-control", "content-length", "if-none-match", "range"} -RESPONSE_HEADERS_BLACKLIST = {"access-control-allow-origin", "alt-svc", "server"} +RESPONSE_HEADERS_BLACKLIST = {"access-control-allow-origin", "alt-svc", "server", "cross-origin-opener-policy-report-only", "report-to", "cross-origin", "timing-allow-origin", "cross-origin-resource-policy"} HTTP_CHUNK_SIZE = 10485760 # ~10MB CURRENT_BRANCH = {{ "#{`git branch | sed -n '/* /s///p'`.strip}" }} From 66c67f4c7a2646c5d1b555fd833826917f1cb58f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89milien=20=28perso=29?= <4016501+unixfox@users.noreply.github.com> Date: Sat, 17 Jan 2026 00:15:32 +0100 Subject: [PATCH 2/5] doc: Update HTTP proxy configuration comments (#5586) * doc: Update HTTP proxy configuration comments Added information about proxy configuration for YouTube streams. * Document supported proxy types in config.example.yml Added note about supported proxy types in configuration. --- config/config.example.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/config/config.example.yml b/config/config.example.yml index eedd9539..7cc480c6 100644 --- a/config/config.example.yml +++ b/config/config.example.yml @@ -223,9 +223,13 @@ https_only: false ## ## Configuration for using a HTTP proxy -## ## If unset, then no HTTP proxy will be used. +## Proxy type supported: HTTP, HTTPS ## +## This is not used for loading the video streams from YouTube servers (circumvent YouTube restrictions) +## Please instead configure the proxy in Invidious companion: +## https://github.com/iv-org/invidious-companion/blob/master/config/config.example.toml +## #http_proxy: # user: # password: From d25cc9570c9738f16e15437bcc69a12ab2095738 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Jan 2026 22:59:44 +0100 Subject: [PATCH 3/5] Bump crystallang/crystal from 1.16.3-alpine to 1.19.0-alpine in /docker (#5603) Bumps crystallang/crystal from 1.16.3-alpine to 1.19.0-alpine. --- updated-dependencies: - dependency-name: crystallang/crystal dependency-version: 1.19.0-alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index e2d30364..97c43ef1 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -2,7 +2,7 @@ ARG OPENSSL_VERSION='3.5.2' ARG OPENSSL_SHA256='c53a47e5e441c930c3928cf7bf6fb00e5d129b630e0aa873b08258656e7345ec' -FROM crystallang/crystal:1.16.3-alpine AS dependabot-crystal +FROM crystallang/crystal:1.19.0-alpine AS dependabot-crystal # We compile openssl ourselves due to a memory leak in how crystal interacts # with openssl From 7e36cfb6678770db8a55e575caddd981dce2d032 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89milien=20=28perso=29?= <4016501+unixfox@users.noreply.github.com> Date: Mon, 19 Jan 2026 23:39:01 +0100 Subject: [PATCH 4/5] =?UTF-8?q?Revert=20"Bump=20crystallang/crystal=20from?= =?UTF-8?q?=201.16.3-alpine=20to=201.19.0-alpine=20in=20/dock=E2=80=A6"=20?= =?UTF-8?q?(#5604)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit d25cc9570c9738f16e15437bcc69a12ab2095738. --- docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 97c43ef1..e2d30364 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -2,7 +2,7 @@ ARG OPENSSL_VERSION='3.5.2' ARG OPENSSL_SHA256='c53a47e5e441c930c3928cf7bf6fb00e5d129b630e0aa873b08258656e7345ec' -FROM crystallang/crystal:1.19.0-alpine AS dependabot-crystal +FROM crystallang/crystal:1.16.3-alpine AS dependabot-crystal # We compile openssl ourselves due to a memory leak in how crystal interacts # with openssl From d51a7a44ad91d2fa7d1330970a15a0d8f365f250 Mon Sep 17 00:00:00 2001 From: Kiril Isakov Date: Fri, 23 Jan 2026 13:18:41 +0100 Subject: [PATCH 5/5] Fix commit command in README instructions, as per #5606 (#5607) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 97d2109b..5b789a50 100644 --- a/README.md +++ b/README.md @@ -129,7 +129,7 @@ You can read more here: https://docs.invidious.io/applications/ 1. Fork it ( https://github.com/iv-org/invidious/fork ). 1. Create your feature branch (`git checkout -b my-new-feature`). 1. Stage your files (`git add .`). -1. Commit your changes (`git commit -am 'Add some feature'`). +1. Commit your changes (`git commit -m 'Add some feature'`). 1. Push to the branch (`git push origin my-new-feature`). 1. Create a new pull request ( https://github.com/iv-org/invidious/compare ).