From f237fd984762204058ccfa248ea5c85c86413c2e Mon Sep 17 00:00:00 2001
From: Omar Roth <omarroth@protonmail.com>
Date: Sun, 19 May 2019 07:12:45 -0500
Subject: [PATCH] Fix CORS headers for proxied assets

---
 src/invidious.cr | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/src/invidious.cr b/src/invidious.cr
index f8335394..c3153d6b 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -5063,13 +5063,16 @@ get "/videoplayback" do |env|
     env.response.status_code = response.status_code
 
     response.headers.each do |key, value|
-      env.response.headers[key] = value
+      if !{"Access-Control-Allow-Origin", "Alt-Svc"}.includes? key
+        env.response.headers[key] = value
+      end
     end
 
+    env.response.headers["Access-Control-Allow-Origin"] = "*"
+
     if response.headers["Location"]?
       url = URI.parse(response.headers["Location"])
       host = url.host
-      env.response.headers["Access-Control-Allow-Origin"] = "*"
 
       url = url.full_path
       url += "&host=#{host}"
@@ -5086,8 +5089,6 @@ get "/videoplayback" do |env|
       env.response.headers["Content-Disposition"] = "attachment; filename=\"#{URI.escape(title)}\"; filename*=UTF-8''#{URI.escape(title)}"
     end
 
-    env.response.headers["Access-Control-Allow-Origin"] = "*"
-
     proxy_file(response, env)
   end
 end
@@ -5109,15 +5110,18 @@ get "/ggpht/*" do |env|
   end
 
   client.get(url, headers) do |response|
-    env.response.status_code = response.status_code
     response.headers.each do |key, value|
-      env.response.headers[key] = value
+      if !{"Access-Control-Allow-Origin", "Alt-Svc"}.includes? key
+        env.response.headers[key] = value
+      end
     end
 
     if response.status_code == 304
       break
     end
 
+    env.response.headers["Access-Control-Allow-Origin"] = "*"
+
     proxy_file(response, env)
   end
 end
@@ -5153,13 +5157,17 @@ get "/sb/:id/:storyboard/:index" do |env|
   client.get(url, headers) do |response|
     env.response.status_code = response.status_code
     response.headers.each do |key, value|
-      env.response.headers[key] = value
+      if !{"Access-Control-Allow-Origin", "Alt-Svc"}.includes? key
+        env.response.headers[key] = value
+      end
     end
 
     if response.status_code >= 400
       break
     end
 
+    env.response.headers["Access-Control-Allow-Origin"] = "*"
+
     proxy_file(response, env)
   end
 end
@@ -5191,13 +5199,17 @@ get "/vi/:id/:name" do |env|
   client.get(url, headers) do |response|
     env.response.status_code = response.status_code
     response.headers.each do |key, value|
-      env.response.headers[key] = value
+      if !{"Access-Control-Allow-Origin", "Alt-Svc"}.includes? key
+        env.response.headers[key] = value
+      end
     end
 
     if response.status_code == 304
       break
     end
 
+    env.response.headers["Access-Control-Allow-Origin"] = "*"
+
     proxy_file(response, env)
   end
 end