Omar Roth

Week 5: Privacy and Security
Published September 11, 2018, tags: invidious, patreon

Migrated from Patreon. Original post here.

I hope everyone had a good weekend! This past week I've been fixing some issues that have been brought to my attention to help better protect users and help them keep their anonymity.

An issue with open referers has been fixed with 29a2186, which prevents potential redirects to external sites on actions such as login or modifying preferences.
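One way a server can reduce a client-supplied referer to a same-site path before redirecting after login or a preferences change, as an added example (not code from Invidious or from commit 29a2186). The helper name `local_redirect_target`, the `/` fallback and the `.example` hosts are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit


def local_redirect_target(referer, default="/"):
    """Reduce a client-supplied referer to a same-site path plus query.

    Hypothetical helper: scheme and host are always discarded, so the
    result can only ever point back at the site that issues the redirect.
    """
    if not referer:
        return default
    # Browsers treat "\" like "/" and drop control characters, so a value
    # containing either may be read differently by the browser than by us.
    if any(ch == "\\" or ch < " " or ch == "\x7f" for ch in referer):
        return default
    try:
        parts = urlsplit(referer)
    except ValueError:  # e.g. malformed IPv6 literal in the host
        return default
    path = parts.path
    # Must be an absolute path; a leading "//" would be scheme-relative
    # (another host) once placed in a Location header.
    if not path.startswith("/") or path.startswith("//"):
        return default
    return path + ("?" + parts.query if parts.query else "")


# Constructed sample values, not taken from the post.
SAMPLES = [
    "https://invidious.example/feed/subscriptions?page=2",
    "https://evil.example/phish",
    "//evil.example/phish",
    "https://invidious.example//evil.example/phish",
    "/\\evil.example",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:55} -> {local_redirect_target(value)}")
```

Because the host is dropped rather than compared against an allow-list, an external referer degrades to a local path instead of a redirect off-site.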

Additionally, X-XSS-Protection, X-Content-Type-Options, and X-Frame-Options headers have been added with 96234e5, which should keep users safer while using the site.

A potential XSS vector has also been fixed in YouTube comments with 8c45694.

All the above vulnerabilities were brought to my attention by someone who wishes to remain anonymous, but I would like to say again here how thankful I am. If anyone else would like to get in touch please feel free to email me at or

This week a couple changes have been made to better protect users' privacy as well.

All CSS and JS assets are now served locally with 3ec684a, which means users no longer need to whitelist Although I personally have encountered few issues, I understand that many folks would like to keep their browsing activity contained to as few parties as possible. In the coming week I also hope to proxy YouTube images, so that no user data is sent to Google.

YouTube links in comments now should redirect properly to the Invidious alternate with 1c8bd67 and cf63c82, so users can more easily evade Google tracking.

I'm also happy to mention a couple quality of life features this week:

Invidious now shows a video's "license" if provided, see #159 for more details. You can also search for videos licensed under Creative Commons with "QUERY features:creative_commons".

Videos with only one source will always display the cog for changing quality, so that users can see what quality is currently playing. See #158 for more details.

Folks have also probably noticed that the gutters on either side of the screen have been shrunk down quite significantly, so that more of the screen is filled with content. Hopefully this can be improved even more in the coming weeks.

"Music", "Sports", and "Popular on YouTube" channels now properly display their videos. You can subscribe to these channels just as you would normally.

This coming week I'm planning on spending time with my family, so I unfortunately may not be as responsive. I do still hope to add some smaller features for next week however, and I hope to continue development soon.

Thank you everyone again for your support.