starred/ytmusicapi

Fork 0

mirror of https://github.com/sigma67/ytmusicapi.git synced 2026-04-26 07:46:00 +03:00

[GH-ISSUE #199] good vs bad header fields #151

New issue

Closed

opened 2026-02-27 22:08:18 +03:00 by kerem · 5 comments

kerem commented

2026-02-27 22:08:18 +03:00

Owner

Originally created by @KoljaWindeler on GitHub (May 25, 2021).
Original GitHub issue: https://github.com/sigma67/ytmusicapi/issues/199

Hi, I'm trying to understand what headerfields are good and which are not ..
my browser request contains:

[0] :authority
[1] :method
[2] :path
[3] :scheme
[4] accept
[5] accept-encoding
[6] accept-language
[7] authorization
[8] content-length
[9] content-type
[10] cookie
[11] origin
[12] referer
[13] sec-ch-ua
[14] sec-ch-ua-mobile
[15] sec-fetch-dest
[16] sec-fetch-mode
[17] sec-fetch-site
[18] user-agent
[19] x-goog-authuser
[20] x-goog-pageid
[21] x-goog-visitor-id
[22] x-origin
[23] x-youtube-ad-signals
[24] x-youtube-client-name
[25] x-youtube-client-version
[26] x-youtube-device
[27] x-youtube-identity-token
[28] x-youtube-page-cl
[29] x-youtube-page-label
[30] x-youtube-time-zone
[31] x-youtube-utc-offset

if I add all lines I get:

File "/usr/lib/python3.8/http/client.py", line 1223, in putheader raise ValueError('Invalid header name %r' % (header,)) ValueError: Invalid header name b':authority'

removing the lines starting with {":authority", ":method", ":path", ":scheme"} I get

Exception: Server returned HTTP 403: Forbidden. The caller does not have permission

removing also "origin" make the api work ..

Does that make sense for you? I mean .. ok .. I can remove those parts .. but I seems strange that it is needed ..

Originally created by @KoljaWindeler on GitHub (May 25, 2021). Original GitHub issue: https://github.com/sigma67/ytmusicapi/issues/199 Hi, I'm trying to understand what headerfields are good and which are not .. my browser request contains: [0] :authority [1] :method [2] :path [3] :scheme [4] accept [5] accept-encoding [6] accept-language [7] authorization [8] content-length [9] content-type [10] cookie [11] origin [12] referer [13] sec-ch-ua [14] sec-ch-ua-mobile [15] sec-fetch-dest [16] sec-fetch-mode [17] sec-fetch-site [18] user-agent [19] x-goog-authuser [20] x-goog-pageid [21] x-goog-visitor-id [22] x-origin [23] x-youtube-ad-signals [24] x-youtube-client-name [25] x-youtube-client-version [26] x-youtube-device [27] x-youtube-identity-token [28] x-youtube-page-cl [29] x-youtube-page-label [30] x-youtube-time-zone [31] x-youtube-utc-offset if I add all lines I get: ` File "/usr/lib/python3.8/http/client.py", line 1223, in putheader raise ValueError('Invalid header name %r' % (header,)) ValueError: Invalid header name b':authority'` removing the lines starting with {":authority", ":method", ":path", ":scheme"} I get `Exception: Server returned HTTP 403: Forbidden. The caller does not have permission` removing also "origin" make the api work .. Does that make sense for you? I mean .. ok .. I can remove those parts .. but I seems strange that it is needed ..

kerem closed this issue

2026-02-27 22:08:19 +03:00

kerem commented

2026-02-27 22:08:19 +03:00

Author

Owner

@sigma67 commented on GitHub (May 25, 2021):

Those headers are chrome-specific and not "actual" HTTP request headers, so you're not meant to copy them.

Since Chrome is a bit special in that regard and many people use Chrome, we could filter them out here by checking if the first split item starts with a colon:
github.com/sigma67/ytmusicapi@474be51081/ytmusicapi/setup.py (L25-L27)

@sigma67 commented on GitHub (May 25, 2021): Those headers are chrome-specific and [not "actual" HTTP request headers](https://en.wikipedia.org/wiki/List_of_HTTP_header_fields), so you're not meant to copy them. Since Chrome is a bit special in that regard and many people use Chrome, we could filter them out here by checking if the first split item starts with a colon: https://github.com/sigma67/ytmusicapi/blob/474be51081b235b924bed0dce0244cb5735bafdc/ytmusicapi/setup.py#L25-L27

kerem commented

2026-02-27 22:08:19 +03:00

Author

Owner

@KoljaWindeler commented on GitHub (May 25, 2021):

that, or later in the ignore_headers section .. but what about the 403 with origin?

@KoljaWindeler commented on GitHub (May 25, 2021): that, or later in the ignore_headers section .. but what about the 403 with origin?

kerem commented

2026-02-27 22:08:19 +03:00

Author

Owner

@sigma67 commented on GitHub (May 25, 2021):

What value do you have for the origin key? It should be https://music.youtube.com. It can be problematic if it's wrong (even just a / at the end), so perhaps we should add it to the ignore_headers as well

@sigma67 commented on GitHub (May 25, 2021): What value do you have for the `origin` key? It should be `https://music.youtube.com`. It can be problematic if it's wrong (even just a `/` at the end), so perhaps we should add it to the `ignore_headers` as well

kerem commented

2026-02-27 22:08:19 +03:00

Author

Owner

@KoljaWindeler commented on GitHub (May 25, 2021):

"https://music.youtube.com " with trailing space .. but that could have been my fault ..

@KoljaWindeler commented on GitHub (May 25, 2021): "https://music.youtube.com " with trailing space .. but that could have been my fault ..

kerem commented

2026-02-27 22:08:19 +03:00

Author

Owner

@sigma67 commented on GitHub (May 25, 2021):

Yes, trailing space would definitely break it. But we should definitely exclude headers that have default values from initialize_headers. Simply swapping the two variables here should do the trick:

github.com/sigma67/ytmusicapi@474be51081/ytmusicapi/setup.py (L45)

@sigma67 commented on GitHub (May 25, 2021): Yes, trailing space would definitely break it. But we should definitely exclude headers that have default values from `initialize_headers`. Simply swapping the two variables here should do the trick: https://github.com/sigma67/ytmusicapi/blob/474be51081b235b924bed0dce0244cb5735bafdc/ytmusicapi/setup.py#L45