search

xifangczy / cat-catch

猫抓 浏览器资源嗅探扩展 / cat-catch Browser Resource Sniffing Extension
GNU General Public License v3.0
9.13k stars 846 forks source link

Causes Cross-Origin Request Blocked for YouTube #483

Open Tiffys opened 1 day ago

Tiffys commented 1 day ago

扩展版本号 extension version

2.5.4

浏览器

Firefox

浏览器版本号

128.0.3

涉及网址

https://www.youtube.com/

请详细描述问题

If I'm watching a YouTube video then use cat-catch on another tab like on Reddit (for RedGIFs or Imgur), or even if I have YouTube videos pulled up but paused and not started yet, they'll stop buffering and have a spinning disc. Checking my console I see tons of stuff like this:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ... (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ... (Reason: CORS request did not succeed). Status code: (null).

And those particular YouTube videos that were effected will literally never load. Not even with a browser restart.

The only two ways around this are private browsing mode wherein cat-catch is disabled, or by disabling cat-catch.

xifangczy commented 5 hours ago

After countless tests, the bug you mentioned could not be successfully reproduced Can you use tools like ShareX to record your operation steps? I want to see if I missed any operations.

Tiffys commented 4 hours ago

After countless tests, the bug you mentioned could not be successfully reproduced Can you use tools like ShareX to record your operation steps? I want to see if I missed any operations.

Given that the stuff I'd have to pull up on Reddit is probably NSFW I reckon it'd probably be against ToS or something. Let's see...

  1. use Firefox, on PC.
  2. get Reddit Enhancement Suite, make sure you can view media inline by clicking the little [📷+] button by the post. Set Reddit to the old version in your settings, or directly append "old." as a prefix to Reddit links to access the old version of Reddit.
  3. We'll need imgur and RedGIFs inline so you could add lil-braids and IamSureCakes to your friends, the former tends to upload to Imgur and the latter to RedGIFs - but not always. Then you'd use /r/friends which only shows posts from your friends.
  4. Enable cat-catch if it isn't already.
  5. Open some long YouTube video, probably doesn't matter which. Could use this one for instance. For good measure open like 3 more YouTube tabs with other videos but immediately pause the videos.
  6. Start playing the long video from step 5. Leave it playing in a background tab.
  7. Click the [📷+] button on a post. If it's a RedGIFs one click the SD button on the embed for HD then click the cat-catch icon in the top right.
  8. Click the name of the largest MB m4s, which won't be the -mobile one. It'll display in the cat-catch menu. Right click there, save video as and save it somewhere.
  9. Hit the (x) to close the embed.
  10. Open cat-catch menu and press clear.
  11. For the Imgur ones chances are Imgur removed the video already as it violates their ToS. But click the [📷+] button anyways. It'll look like it can't load anything. But you'll note a little [1] on the cat-catch icon.
  12. Click the cat-catch icon, click the mp4's name, right click, save as - which btw idk how it's even possible to save something already removed from Imgur's servers but it's a nice feature.
  13. Repeat steps 7-12 for awhile.
  14. Right click in the YT window and inspect then just pull up the log and enable Errors, Warnings, Logs, Info, Debug, CSS, XHR, Requests. You should already be starting to see the Cross-Origin Request Blocked. Even with a paused video you should see it happening.
  15. Eventually it's going to stop buffering and when you get through the video you've already buffered it'll just turn into a spinning disc.
  16. Once they stop like this they'll never load. Even the other YouTube video tabs you had opened but paused will now not load. Restarting the browser won't fix it. Refreshing the tab won't fix it. A private window can, and disabling cat-catch and refreshing can. If it doesn't after disabling cat-catch then opening a different YouTube video you hadn't opened before should make the others then load. Restarting the browser after disabling cat-catch isn't necessary.

Here's a list of my extensions, including disabled ones, and the ones that aren't allowed in private windows: 7TV 3.0.9 - not allowed in private windows Absolute Enable Right Click & Copy 1.3.9resigned1 [DISABLED] BetterTTV 7.6.6 - not allowed in private windows Bitwarden - Free Password Manager 2023.9.2 Disconnect 20.3.1.2 [DISABLED] Forecastfox (fix version) 4.26 [DISABLED] FrankerFaceZ 4.0 - not allowed in private windows Greasemonkey 4.13 Group Speed Dial 23.0 Ignore X-Frame-Options 1.6.9 [DISABLED] Image Search Options 3.0.12 Instagram Video Download 1.12 - not allowed in private windows Location Guard 2.5.0 Multiple Tab Handler 3.1.11 Nightly Tester Tools 4.0 Notifier for Gmail™ 1.1.8 Reddit Enhancement Suite 5.22.17 Requestly: Open Source HTTPs Debugging Proxy 24.1.3 [DISABLED] Stylish - Custom themes for any website 3.1.9resigned1 - not allowed in private windows TTV LOL 0.0.0.5 - not allowed in private windows TTV LOL PRO 2.3.9 [DISABLED] Twitch Adblock 5.6.0 [DISABLED] Twitter Media Downloader 0.1.5.4 [DISABLED] cat-catch 2.5.4 - not allowed in private windows dopeChat 1.4.4 [DISABLED] uBlock Origin 1.59.0

In my cat-catch settings I don't think I changed anything down until the M3U8 parser where I have it enabled, 6 threads, MP4 active and FFmpeg transcod active with the other settings in that section disabled. Didn't change any other settings.

Settings export: eyJFeHQiOlt7ImV4dCI6ImZsdiIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6ImhsdiIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6ImY0diIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6Im1wNCIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6Im1wMyIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6IndtYSIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6IndhdiIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6Im00YSIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6InRzIiwic2l6ZSI6MCwic3RhdGUiOnRydWV9LHsiZXh0Ijoid2VibSIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6Im9nZyIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6Im9ndiIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6ImFjYyIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6Im1vdiIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6Im1rdiIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6Im00cyIsInNpemUiOjAsInN0YXRlIjp0cnVlfSx7ImV4dCI6Im0zdTgiLCJzaXplIjowLCJzdGF0ZSI6dHJ1ZX0seyJleHQiOiJtM3UiLCJzaXplIjowLCJzdGF0ZSI6dHJ1ZX0seyJleHQiOiJtcGVnIiwic2l6ZSI6MCwic3RhdGUiOnRydWV9LHsiZXh0IjoiYXZpIiwic2l6ZSI6MCwic3RhdGUiOnRydWV9LHsiZXh0Ijoid212Iiwic2l6ZSI6MCwic3RhdGUiOnRydWV9LHsiZXh0IjoiYXNmIiwic2l6ZSI6MCwic3RhdGUiOnRydWV9LHsiZXh0IjoibW92aWUiLCJzaXplIjowLCJzdGF0ZSI6dHJ1ZX0seyJleHQiOiJkaXZ4Iiwic2l6ZSI6MCwic3RhdGUiOnRydWV9LHsiZXh0IjoibXBlZzQiLCJzaXplIjowLCJzdGF0ZSI6dHJ1ZX0seyJleHQiOiJ2aWQiLCJzaXplIjowLCJzdGF0ZSI6dHJ1ZX0seyJleHQiOiJhYWMiLCJzaXplIjowLCJzdGF0ZSI6dHJ1ZX0seyJleHQiOiJtcGQiLCJzaXplIjowLCJzdGF0ZSI6dHJ1ZX1dLCJNM3U4TXA0Ijp0cnVlLCJlbmFibGUiOnRydWV9

I could share my uBlock settings and filters if you want, though. Could also share RES settings.