diff options
author | Simon Sawicki <contact@grub4k.xyz> | 2023-07-04 21:41:04 +0200 |
---|---|---|
committer | dirkf <fieldhouse@gmx.net> | 2023-07-18 10:50:46 +0100 |
commit | 8334ec961b802ad7ef8571b776c5fc727206dc9b (patch) | |
tree | a8e5e02b21686d920e998ff648a4ee893927c464 /youtube_dl/downloader | |
parent | 3801d36416d6e3e6031dc4fcac01891ce7ddb55b (diff) | |
download | youtube-dl-8334ec961b802ad7ef8571b776c5fc727206dc9b.tar.xz |
[core] Process header cookies on loading
Diffstat (limited to 'youtube_dl/downloader')
-rw-r--r-- | youtube_dl/downloader/common.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/youtube_dl/downloader/common.py b/youtube_dl/downloader/common.py index c86ce2aa5..08c98b336 100644 --- a/youtube_dl/downloader/common.py +++ b/youtube_dl/downloader/common.py @@ -13,7 +13,9 @@ from ..utils import ( error_to_compat_str, format_bytes, shell_quote, + T, timeconvert, + traverse_obj, ) @@ -339,6 +341,10 @@ class FileDownloader(object): def download(self, filename, info_dict): """Download to a filename using the info from info_dict Return True on success and False otherwise + + This method filters the `Cookie` header from the info_dict to prevent leaks. + Downloaders have their own way of handling cookies. + See: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj """ nooverwrites_and_exists = ( @@ -373,6 +379,9 @@ class FileDownloader(object): else '%.2f' % sleep_interval)) time.sleep(sleep_interval) + info_dict['http_headers'] = dict(traverse_obj(info_dict, ( + 'http_headers', T(dict.items), lambda _, pair: pair[0].lower() != 'cookie'))) or None + return self.real_download(filename, info_dict) def real_download(self, filename, info_dict): |