From 0405c28245ad1a2a1aa9bcb0d8ecb28ea3a830f8 Mon Sep 17 00:00:00 2001
From: Administrator
Date: Sun, 19 Apr 2026 22:37:11 +0200
Subject: [PATCH] fix(vidmoly): strip vidmoly.me cookies on cross-origin transit POST + add XFS fields
Upload stalled at 99% because we were sending vidmoly.me cookies to *.vmwesa.online (transit server rejects them silently). Browsers never send those cross-origin. Now we omit the Cookie header and match the Origin/Referer the browser uses. Also added the full classic XFS field set (upload_type, sess_id, srv_tmp_url, utype) in the order the server's handler expects.
---
 lib/vidmoly-upload.js | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/lib/vidmoly-upload.js b/lib/vidmoly-upload.js
index 447e4e0..d465ab2 100644
--- a/lib/vidmoly-upload.js
+++ b/lib/vidmoly-upload.js
@@ -141,7 +141,8 @@ class VidmolyUploader {
 }
 return {
 uploadUrl: payload.upload_url,
- params: { sess_id: payload.sess_id, utype: 'reg' },
+ // Classic XFS upload fields in the order the server expects.
+ params: { upload_type: 'file', sess_id: payload.sess_id, srv_tmp_url: '', utype: 'reg' },
 fileFieldName: 'file_0'
 };
 }
@@ -200,17 +201,20 @@ class VidmolyUploader {
 yield epilogueBuf;
 }
- // Use undici.request for the upload (streaming body for progress)
+ // Transit server lives on a different domain (*.vmwesa.online). Browsers
+ // don't send vidmoly.me cookies across origins, so we don't either.
+ // Origin + Referer match the browser's actual upload headers.
 const { body, statusCode, headers } = await request(uploadUrl, {
 method: 'POST',
 body: generate(),
 signal,
 headers: {
 'User-Agent': USER_AGENT,
- 'Cookie': this._cookieHeader(),
+ 'Accept': '*/*',
+ 'Origin': BASE_URL,
+ 'Referer': `${BASE_URL}/`,
 'Content-Type': `multipart/form-data; boundary=${boundary}`,
- 'Content-Length': String(totalSize),
- 'Referer': `${BASE_URL}/upload.html`
+ 'Content-Length': String(totalSize)
 },
 headersTimeout: UPLOAD_TIMEOUT,
 bodyTimeout: UPLOAD_TIMEOUT
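Review bot: The new comment above `params` says the fields are in the order the server expects, but it does not say what keeps them in that order. The order holds only because JavaScript preserves insertion order for string keys and, presumably, the multipart builder (outside this hunk) iterates `params` in that order, so a later refactor that sorts or merges the object would change the wire order without any visible error. I would make the dependency explicit, e.g. `// Order matters: the multipart body is built by iterating these keys in insertion order; do not sort or spread-merge.` The enclosing method starts and ends outside the hunk.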
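Review bot: `sess_id` is still sent to whatever host `uploadUrl` names, so removing `Cookie` from the `headers` block only partly limits which credentials leave vidmoly.me. `uploadUrl` comes from the API response (`payload.upload_url`) and `sess_id` presumably travels in the multipart body built by `generate()`, yet nothing visible in this hunk checks the scheme or host before the POST. If that check does not already exist outside the hunk, add one before `request(...)`, for example `if (new URL(uploadUrl).protocol !== 'https:') throw new Error('upload URL must be HTTPS');`, together with a host-suffix allowlist for the transit domain. The comment could also record `// sess_id in the form body is the only credential sent to the transit server.` The enclosing method starts and ends outside the hunk.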