[Bug] Preferences are reset when acessing the `/watch` page

[PrincessMiki]

Describe the bug

All invidious instances are not remembering settings across all videos on linux firefox and android firefox.

Does not happen consistently

Quality is returning to HD every time and it's not remembering dark mode.

I use medium quality. Are there any instances that can only do up to medium?

Logs

Screenshots

Additional context

[SamantazFox]

Could you please explain further, with examples?

Note that you need to accept cookies in order to save your preferences (overriding them using URL parameters is currently bugged).

[artenax]

Confirming the problem. For the last few days (since about July 17, 2022) at least yewtu.be forgets settings every 24 hours. Quality becomes HD instead of 360p, volume 100 instead of 20, and everything else. Fix it, please. The server only gives cookies for 18 hours.

I even tried to hack in the browser inspector (Storage tab), to increase the storage time, but it doesn't help.

[artenax]

overriding them using URL parameters is currently bugged

A POST request with parameters (inside the request) is sent from https://yewtu.be/preferences to https://yewtu.be/preferences?referer=/ The browser does this when I click the "Save Settings" button.

[PrincessMiki]

Could you please explain further, with examples?

Note that you need to accept cookies in order to save your preferences (overriding them using URL parameters is currently bugged).

The guy below your comment explained. I can try to explain further, but I'm not sure what to add. Invidious cookies seem nuked from orbit

[markozajc]

Cookies and preferences work fine on my personal instance, which is currently on 5e090778, though these issues could also be unrelated to invidious itself and caused by anything from misconfiguration to mismanagement.

[unixfox]

Closing as it's a duplicate of #3132 A fix was created in https://github.com/iv-org/invidious/pull/3250 and we soon be available on https://yewtu.be. Feel free to test with the PR or on https://yewtu.be

[artenax]

This has never been fixed. OMG. This is the request that needs to be somehow automated for the browser, because the developers are not going to fix it themselves. Maybe put it on a Custom button. I don't know how (to make it easier).

POST /preferences Host: yewtu.be Referer: https://yewtu.be/preferences Content-Type: application/x-www-form-urlencoded Content-Length: 308

speed=1.0&quality=medium&quality_dash=360p&volume=20&comments%5B0%5D=youtube&comments%5B1%5D=&captions%5B0%5D=&captions%5B1%5D=&captions%5B2%5D=&related_videos=on&extend_desc=on&save_player_pos=on&locale=en-US&region=US&player_style=invidious&dark_mode=light&default_home=&feed_menu%5B0%5D=&feed_menu%5B1%5D=

[SamantazFox]

@artenax the cookies are set to expire after 2 years. It should be more than enough! Do you have enabled a browser option like "clear site data on exit"?

[artenax]

@SamantazFox

Do you have enabled a browser option like "clear site data on exit"?

No. Nothing like that. I checked in Firefox 60 and 102.

cookies are set to expire after 2 years

Well, yes. On the main page. But worth visiting some /watch?v= in the inspector I see it:

I think this bug is related to the browser. Maybe with the CSP policy. You changed something. What? Everything was working fine before July 17. I didn't update the browsers or change any settings.

[artenax]

This is what the server is sending now. These settings are the same for /preferences and /watch?v= However, after visiting /watch?v=, the storage date is reduced in the inspector.

POST /preferences HTTP/1.1
Host yewtu.be
Referer https://yewtu.be/preferences
Content-Type application/x-www-form-urlencoded
Content-Length 308

HTTP/1.1 302 Found
Date: Sun, 21 Aug 2022 17:13:17 GMT
Content-Type: text/html
Content-Length: 0
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self' https://*.proxy.yewtu.be:443; manifest-src 'self'; media-src 'self' blob: https://*.googlevideo.com:443 https://*.youtube.com:443 https://*.proxy.yewtu.be:443; child-src 'self' blob:; frame-src 'self'; frame-ancestors 'none'
Referrer-Policy: same-origin
Permissions-Policy: interest-cohort=()
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
Location: /
Set-Cookie: PREFS=...; domain=yewtu.be; expires=Wed, 21 Aug 2024 17:13:17 GMT; Secure; SameSite=Lax
X-Robots-Tag: 'noindex, nofollow, nosnippet, noarchive'

[artenax]

Before the breakdown. I only visit / and /preferences:

After visiting /watch?v= the breakdown occurs:

As you can see: the date decreases. Secure becomes false instead of true. SameSite becomes Strict instead of Lax. Everywhere: on / , /preferences and /watch And the server was sending Secure, Lax. Always.

Excuse me, of course. But it seems to me that you yourself don't use what you develop.

[unixfox]

Make sure you did clear the cookies from yewtu.be after we merged the new changes 15 days ago: https://github.com/iv-org/invidious/pull/3250

The reason is that the server can't force the user to use "new cookies" with correct SameSite parameter for example.

On fresh cookies, I can't reproduce your issue:

[artenax]

I regularly clear yewtu.be cookies for the test, of course.

These scripts (working together, in pairs) change the type of cookies: https://yewtu.be/videojs/video.js/video.js?v=ad39fa9 https://yewtu.be/js/player.js?v=ad39fa9 However, without them there is no choice of quality and primitive player interface.

It seems there was an extension for the Pale Moon browser like Cookie protector. But I don't remember if it protects against deletion or modification.

[artenax]

I cleared yewtu.be cookies, closed the browser, deleted the cache folder. Didn't help. 2024, secure, lax remain only on / and /preferences pages. After visiting /watch* cookies become 2022 (18h), non-secure, strict EVERYWHERE. I haven't cleared all the other cookies, though.

UPD: I also checked on a CLEAN Firefox 102 profile. The problem REMAINS.

yewtu.be Current version: 2022.08.21-2649d0e @ master.

[artenax]

I looked at your screenshot and I don't have the first cookie called CookieA... Only PREFS. And I never saw 2023. Weird. Maybe it depends on the IP. GDPR and all that...

[SamantazFox]

I found the culprit :D https://github.com/iv-org/invidious/blob/b0bb156918f6b61764694aa87f9e4e1ad26e130f/assets/js/player.js#L260-L272

[unixfox]

@artenax Can you try again? Clear the cookies before trying again.

I published a fix (from https://github.com/iv-org/invidious/pull/3276) for what you said.

[artenax]

It seems to be working now. Thank you. 2022.08.22-e2ad17a @ master