robvdpol / RaceControl

Race Control is a standalone, open source F1TV client for Windows, written in C# on the .NET platform.
GNU General Public License v3.0

"Request failed with status code Forbidden" on start up #414

Closed kupet00 closed 2 years ago

kupet00 commented 2 years ago

Describe the bug

When starting the app, I get greeted by the following login screen ("Request failed with status code Forbidden").

Logging in on the official website or Android App does work with the same credentials.

To Reproduce

Steps to reproduce the behavior:

  1. Start the app

Expected behavior

Either a login screen without errors and being able to log in, or no login screen at all (being automatically logged in).

Desktop (please complete the following information):

F1TV account

PostMalone commented 2 years ago

I have the same issue as you. Request failed with status code Forbidden

It's happening hours before FP1 in Australia.

robvdpol commented 2 years ago

Hmm, they might have disabled the api key we're using for the login request. We would have to check the contents of the login request from one of the official apps to see what has changed. I'm not sure how to do that unfortunately :/ Maybe someone else is able to do it. It's a bit tricky since it's of course encrypted.

sartsj commented 2 years ago

API key seems fine, what I needed to do to make the auth request working again was adding this new euconsent cookie (not going to paste it here, not sure what it contains).

Just tried it with postman, and with this cookie it works again.

robvdpol commented 2 years ago

@sartsj The cookie shouldn't contain private information, you could try to decode it at http://iabtcf.com/#/decode to verify. I would really like to have it so I can fix the login.
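An offline way to do the check suggested above, as an added example that is not part of the thread or of Race Control's code: it decodes the fixed header of a consent string, assuming the euconsent cookie is an IAB TCF v2 string (as the linked decoder implies). `build_sample` and all values in it are constructed for the demo.

```python
import base64
from datetime import datetime, timezone

# Core-segment fields of an IAB TCF v2 consent string, in order: (name, bit width).
FIELDS = [
    ("version", 6), ("created", 36), ("last_updated", 36), ("cmp_id", 12),
    ("cmp_version", 12), ("consent_screen", 6), ("consent_language", 12),
    ("vendor_list_version", 12), ("tcf_policy_version", 6),
    ("is_service_specific", 1), ("use_non_standard_stacks", 1),
    ("special_feature_opt_ins", 12), ("purposes_consent", 24),
    ("purposes_li_transparency", 24), ("purpose_one_treatment", 1),
    ("publisher_cc", 12),
]

def _letters(v):  # two 6-bit letters (0 = 'A') packed into 12 bits
    return chr(65 + (v >> 6)) + chr(65 + (v & 0x3F))

def decode_tc_core(tc_string):
    """Decode the fixed header of the core segment; raises ValueError if malformed."""
    core = tc_string.split(".")[0]  # optional segments follow after '.'
    raw = base64.urlsafe_b64decode(core + "=" * (-len(core) % 4))
    bits = "".join(f"{b:08b}" for b in raw)
    if len(bits) < sum(w for _, w in FIELDS):
        raise ValueError("too short for a TCF v2 core segment")
    out, pos = {}, 0
    for name, width in FIELDS:
        out[name] = int(bits[pos:pos + width], 2)
        pos += width
    if out["version"] != 2:
        raise ValueError("not a TCF v2 string")
    for k in ("created", "last_updated"):  # deciseconds since the Unix epoch
        out[k] = datetime.fromtimestamp(out[k] / 10, tz=timezone.utc).isoformat()
    for k in ("consent_language", "publisher_cc"):
        out[k] = _letters(out[k])
    # Leftmost bit is purpose 1.
    out["purposes_consent"] = [i + 1 for i, b in enumerate(f"{out['purposes_consent']:024b}") if b == "1"]
    return out

def build_sample():
    """Constructed sample value for the demo; not a real F1TV cookie."""
    v = dict.fromkeys((n for n, _ in FIELDS), 0)
    v.update(version=2, created=16493760000, last_updated=16493760000, cmp_id=300,
             consent_language=(4 << 6) | 13, publisher_cc=(13 << 6) | 11,
             purposes_consent=0b101 << 21)
    bits = "".join(f"{v[n]:0{w}b}" for n, w in FIELDS)
    bits += "0" * (-len(bits) % 8)
    raw = int(bits, 2).to_bytes(len(bits) // 8, "big")
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

if __name__ == "__main__":
    print(decode_tc_core(build_sample()))
```

The header holds only consent metadata (timestamps, CMP id, language, purposes); the vendor sections that follow it in a full string are not decoded here.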

sartsj commented 2 years ago

Specifically, the necessary cookie is the one called 'reese84'

robvdpol commented 2 years ago

Ah the reese84 stuff again. There used to be an exception for 'RaceControl' user agent not needing it, but apparently they removed that exception :( They seem to be cracking down on third party tools this season.

See also https://github.com/SoMuchForSubtlety/f1viewer/issues/111

SoMuchForSubtlety commented 2 years ago

Maybe we can send them a nice email asking to add the exception back :smile:

imnotnoa commented 2 years ago

This cookie is associated with Imperva Networks and is used to determine if a user will receive a captcha.

imnotnoa commented 2 years ago

https://github.com/SoMuchForSubtlety/f1viewer/issues/231#issuecomment-1091454437

This gives us some hope

I'll see how far this gets me

imnotnoa commented 2 years ago

@sartsj could you share your postman request? I'm having no luck logging in, even after syncing the reese84 cookie from my browser. Still get the "Pardon Our Interruption As you were browsing something about your browser made us think you were a bot. There are a few reasons this might happen..." 403 page.

Using the correct cookie, api key, user-agent and credentials

sartsj commented 2 years ago

@dhuit90 I'm honestly not having much luck anymore either. The only way I can get a successful auth request in postman now is by literally copying the one from my firefox dev console after logging in on the f1tv website.

Even if I only copy the reese84 cookie value from that request I can't get it to work anymore. I must be messing something up.

imnotnoa commented 2 years ago

So one (very ugly) solution might be running a headless browser to get the token and use that to handle the login in RaceControl... I guess

robvdpol commented 2 years ago

I'll see how far this gets me

The reese84-token that you get from that request doesn't work. When I use the reese84-token from my webbrowser console it does work.

imnotnoa commented 2 years ago

I'll see how far this gets me

The reese84-token that you get from that request doesn't work. When I use the reese84-token from my webbrowser console it does work.

Same here, I've been syncing the cookies from my browser (logged in to F1TV website) to postman but no luck.

MueR commented 2 years ago

This curl request will get you the required value for a reese84 cookie. Still unsure how it works though.

curl --location --request POST 'https://api.formula1.com/6657193977244c13?d=account.formula1.com' \
--data-raw '{"solution":{"interrogation":{"st":162229509,"sr":1959639815,"cr":78830557},"version":"stable"},"error":null,"performance":{"interrogation":185}}'

edit: never mind, including the token doesn't work half the time

imnotnoa commented 2 years ago

@flyingwraptor is the code you supplied in https://github.com/SoMuchForSubtlety/f1viewer/issues/111#issuecomment-727553895 a solution for this?

eXhumer commented 2 years ago

I have a better solution for subscription token handling, but it requires access to an embedded web browser from which you can listen to cookie events. I used Qt's Framework in C++ to essentially listen for login-session session cookie for formula1.com in a Qt WebEngine after allowing a user to log in. Upon successful login, F1 will add the cookie which includes the subscription token.

https://github.com/eXhumer/eXF1TV/blob/main/Source/F1TVService.cxx#L30

robvdpol commented 2 years ago

I have a better solution for subscription token handling, but it requires access to an embedded web browser from which you can listen to cookie events. I used Qt's Framework in C++ to essentially listen for login-session session cookie for formula1.com in a Qt WebEngine after allowing a user to log in. Upon successful login, F1 will add the cookie which includes the subscription token.

https://github.com/eXhumer/eXF1TV/blob/main/Source/F1TVService.cxx#L30

I was thinking of doing something similar using an Edge WebView2 component. Let the user login on the official website and fetch the sessiontoken from response or cookie.

eXhumer commented 2 years ago

You can also allow manual token as temporary fix this weekend. Here is an easy way to get the current logged in session token from browser.

JustJoostNL commented 2 years ago

Is there any easy actual working fix for this right now?

robvdpol commented 2 years ago

Nope but I'm working on a fix. Proof of concept is ready, just need to integrate it into Race Control now. Hope I can do it tonight.

BeanXOfficial commented 2 years ago

Nope but I'm working on a fix. Proof of concept is ready, just need to integrate it into Race Control now. Hope I can do it tonight.

You're a legend, thanks for all the work you put into this project!

Tanguille commented 2 years ago

You can also allow manual token as temporary fix this weekend. Here is an easy way to get the current logged in session token from browser.

Nice idea. Do you use that token instead of your password then? Is there a way to do this via the android app? Can only log in there. In all my browsers I can't log in. After some research I discovered this could be because F1TV is restricting IP addresses to avoid account sharing. Any way I could fix this? Answers to my questions would be much appreciated. Or if robvdpol could achieve a miracle and fix RaceControl until FP1 it would solve all of my above questions. Good luck and courage and thanks in advance!

thedave42 commented 2 years ago

I have a better solution for subscription token handling, but it requires access to an embedded web browser from which you can listen to cookie events. I used Qt's Framework in C++ to essentially listen for login-session session cookie for formula1.com in a Qt WebEngine after allowing a user to log in. Upon successful login, F1 will add the cookie which includes the subscription token.

https://github.com/eXhumer/eXF1TV/blob/main/Source/F1TVService.cxx#L30

This is what I'm doing as well. I'm using Chromium and there is still a need for some extensions to get around the checks.

AtlAntA118 commented 2 years ago

This might not be very useful at all but I figured I might share this bit of info anyway. I can login just fine with RaceControl 2.6.3. No error message whatsoever and I can play all streams just fine.

The thing I do run on my PC is AdGuard with the extension called 'I don't care about cookies'. This might be doing something with the cookies and how they are handled.

JustJoostNL commented 2 years ago

Did you install 'I don't care about cookies' as an extension in your browser?

AtlAntA118 commented 2 years ago

Did you install 'I don't care about cookies' as an extension in your browser?

No, I run the desktop app of AdGuard and I use the 'I don't care about cookies' list there.

I'm not going to pretend I know how cookies work or are being handled but I think this might make a difference opposed to a web browser based adblocker/cookie handler.

anthonylavado commented 2 years ago

@AtlAntA118 Thanks for sharing that. It might be unrelated though. It looks like if you're already logged in, your session token is still valid for a little while. If that token has expired, or you sign out/in, then you run into the issue seen here.

robvdpol commented 2 years ago

I have a solution but when I run it in release mode it doesn't work somehow :( I have to look into it tomorrow.

eXhumer commented 2 years ago

The "I don't care about cookies" is a browser extension / add-on. Nothing to do with application cookie handling.

https://www.i-dont-care-about-cookies.eu

SkYNewZ commented 2 years ago

I have a solution but when I run it in release mode it doesn't work somehow :( I have to look into it tomorrow.

Good luck to you, thanks for your work and have a good Australian GP!

MatasVin commented 2 years ago

Can't wait for this to be fixed, I guess the web version will suffice for now.

Jurtaani commented 2 years ago

I was able to log in and continue using this app just fine, and the previous races from this and older seasons work just fine. But I did notice that I was not able to watch Australian GP FP1 live or now as an archived session. Other players stay empty but the internal one tries to load something, however that is just some pink mess with no audio. Have they changed some DRM things or is this just related to this issue as well and the upcoming 2.6.4 will resolve this issue as well?

eXhumer commented 2 years ago

I fear this isn't something any update can fix. F1 started to return Widevine'd streams for anything that was live or moved into archive recently.

PostMalone commented 2 years ago

This is becoming hell... F1tv is not messing around anymore. They only want to achieve one goal and that is to prevent any 3rd party tools running

robvdpol commented 2 years ago

Ok, this will require some more work. It basically means abandoning the Flyleaf video library and replacing it with an Edge WebView2 browser control that runs VideoJS. I have messed around with this in the past, and it should be able to support Widevine DRM. But it will take some time to implement, so please be patient.

aeleos commented 2 years ago

Ok, this will require some more work. It basically means abandoning the Flyleaf video library and replacing it with an Edge WebView2 browser control that runs VideoJS. I have messed around with this in the past, and it should be able to support Widevine DRM. But it will take some time to implement, so please be patient.

Take your time, and thanks for all of the work you do

scns commented 2 years ago

Ok, this will require some more work. It basically means abandoning the Flyleaf video library and replacing it with an Edge WebView2 browser control that runs VideoJS. I have messed around with this in the past, and it should be able to support Widevine DRM. But it will take some time to implement, so please be patient.

Hope you can find a fix, and tnx for all the work you do. It's an amazing tool!

MatasVin commented 2 years ago

Is there a chance to fix this issue before the australian gp race session?

robvdpol commented 2 years ago

Is there a chance to fix this issue before the australian gp race session?

Nope, unfortunately not.

Jurtaani commented 2 years ago

Ok, this will require some more work. It basically means abandoning the Flyleaf video library and replacing it with an Edge WebView2 browser control that runs VideoJS. I have messed around with this in the past, and it should be able to support Widevine DRM. But it will take some time to implement, so please be patient.

Fingers crossed that this doesn't make the great performance of the current method go away. I mean I can easily run the four streams layout on the archived races without my laptop fans even noticing anything. But as soon as I go and put up two browsers to at least get the F1 live + one driver camera layout, it makes my laptop fans go crazy.

hangro commented 2 years ago

Is there a chance to fix this issue before the australian gp race session?

Nope, unfortunately not.

Good luck Rob, and try to enjoy the Australian GP...

MueR commented 2 years ago

Get in touch with F1TV Support and complain (politely) about the changes to this DRM. Maybe, just maybe, they'll think about it again, or give 3rd party developers like Rob a heads-up for the next change.

Rob, thanks for your hard work man.

yukikaze04 commented 2 years ago

I told them I'm not renewing my subscription if RaceControl won't be allowed to work. I'd rather watch F1 for free than pay to use their joke of a website.

PostMalone commented 2 years ago

I told them I'm not renewing my subscription if RaceControl won't be allowed to work. I'd rather watch F1 for free than pay to use their joke of a website.

I requested a refund on my annual sub. As a reason I stated the ban on 3rd party apps that made F1TV great. Now it's total garbage with their crap Web Player, not to mention the CPU load when you open a few tabs.

yukikaze04 commented 2 years ago

The web player is a disaster, it crashes for me every ~30 minutes, like clockwork. Doesn't matter which browser I use. It's been happening for like at least a year now, but I didn't care cause we had RaceControl. Now I care.

imnotnoa commented 2 years ago

I told them I'm not renewing my subscription if RaceControl won't be allowed to work. I'd rather watch F1 for free than pay to use their joke of a website.

I requested a refund on my annual sub. As a reason I stated the ban on 3rd party apps that made F1TV great. Now it's total garbage with their crap Web Player, not to mention the CPU load when you open a few tabs.

Good idea, I'm doing this too. I surely won't get a refund but it might make them reconsider their decisions regarding 3rd party apps.

Gedioa commented 2 years ago

I am also going to tell them I will not renew my month sub. Reasons: Their web player sucks. I almost never watch the F1 live, now when I log in to the F1 site you see who won the race, so there is no point in watching the race! Will also tell them I will start using illegal streams!

moi427 commented 2 years ago

Of course the same problem here. I also sent them a similar mail to allow RaceControl access, hope they get these a lot.

Thanks a lot for your fabulous work Rob!!

moi427 commented 2 years ago

F1TV reacts with a precooked copy & paste answer plus a link to usable platforms. Well, that's of no use of course, so I'll try it again not using the word "platform" but program for RaceControl. They just don't read but simply send something via, I guess, a bot.