Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a "--force-https" option. #9193

Open
ghost opened this issue Apr 14, 2016 · 7 comments
Open

Add a "--force-https" option. #9193

ghost opened this issue Apr 14, 2016 · 7 comments
Labels

Comments

@ghost
Copy link

@ghost ghost commented Apr 14, 2016

Idea came from Noscript addon for Firefox.
So, when you have http://www.youtube.com/watch?v=qn6CMz18lkQ link, and you know its supports https and instead of adding "s" to links every time, you could just add site to config option --force-https=www.youtube.com and it will always force links from youtube to https for this site and others you add.

@yan12125 yan12125 added the request label Apr 14, 2016
@vxbinaca
Copy link
Contributor

@vxbinaca vxbinaca commented Apr 23, 2016

Please enable this so it works on sites other than youtube.

@ghost
Copy link
Author

@ghost ghost commented May 1, 2016

Wait, is -f [protocol^=https] force http link play through https if it's available? If yes, then issue solved.

@dstftw
Copy link
Collaborator

@dstftw dstftw commented May 1, 2016

It does not force but filters out. And only final format URLs.

@ghost
Copy link
Author

@ghost ghost commented Sep 25, 2016

#10752

@dstftw

They can provide whatever they want whichever way they want. youtube-dl just extracts what they provide no more no less.

But why be confined with this? Take web browser for example, Firefox just showing what sites provide no more no less, but if you want you can change it with options or addons.

@yan12125

In Firefox HTTP video/audio files are used even if the webpage is in HTTPS, so there's a warning in the address bar

But in Firefox you can force all video/audio files to be HTTPS if site is open in https, there is option in about:config for that, why can't it be done in youtube-dl?

@dstftw
Copy link
Collaborator

@dstftw dstftw commented Sep 25, 2016

I've already answered you by mail why it's a bad idea.

@yan12125
Copy link
Collaborator

@yan12125 yan12125 commented Sep 25, 2016

Now YouTube replies 301 for non-HTTPS connections:

$ curl -v "http://www.youtube.com/watch?v=qn6CMz18lkQ"
*   Trying 163.28.18.29...
* TCP_NODELAY set
* Connected to www.youtube.com (163.28.18.29) port 80 (#0)
> GET /watch?v=qn6CMz18lkQ HTTP/1.1
> Host: www.youtube.com
> User-Agent: curl/7.50.3
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
< X-XSS-Protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube
< X-Content-Type-Options: nosniff
< Location: https://www.youtube.com/watch?v=qn6CMz18lkQ
< Content-Type: text/html; charset=utf-8
< Cache-Control: no-cache
< Expires: Tue, 27 Apr 1971 19:44:06 EST
< Date: Sun, 25 Sep 2016 14:12:48 GMT
< Server: YouTubeFrontEnd
< Content-Length: 0
< Connection: Keep-Alive
< Set-Cookie: YSC=AI7hw-yNHDs; path=/; domain=.youtube.com; httponly
< Set-Cookie: VISITOR_INFO1_LIVE=VpWXzY6kR0I; path=/; domain=.youtube.com; expires=Sat, 27-May-2017 02:05:48 GMT; httponly
< 
* Curl_http_done: called premature == 0
* Connection #0 to host www.youtube.com left intact

I guess this option is no longer necessary. @vxbinaca do you have other examples?

@Hrxn
Copy link

@Hrxn Hrxn commented Sep 25, 2016

Apart from the thing that you can't enforce https if the server doesn't play along..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.