fix: set browser User-Agent to bypass Cloudflare WAF 403#55
Open
marceltrindade wants to merge 1 commit into
Open
fix: set browser User-Agent to bypass Cloudflare WAF 403#55marceltrindade wants to merge 1 commit into
marceltrindade wants to merge 1 commit into
Conversation
Python-urllib/3.x User-Agent is blocked by Cloudflare WAF and similar reverse proxies, returning HTTP 403 on every request. This makes the addon completely unusable on any server behind Cloudflare. Changes: - Remove the module-level install_opener() that creates a global opener without an insecure TLS context, which could also cause SSL errors. Each Connection() already builds its own opener via _getOpener(). - Set a browser-like User-Agent (Firefox 120) in _getOpener() so Cloudflare and other WAFs allow the request through. Fixes: connection fails with 'Connection error' popup and 'HTTP Error 403: Forbidden' in the Kodi log for servers behind Cloudflare.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The Kodi Subsonic addon fails with
Connection error/HTTP Error 403: Forbiddenwhen the server is behind Cloudflare or any WAF that blocks the defaultPython-urllib/3.xUser-Agent. This makes the addon completely unusable with any server fronted by Cloudflare.Root cause
Two issues in
lib/libsonic/connection.py:Module-level
install_opener()without insecure context (line 61): A globalurllibopener is installed at import time usingHTTPSHandlerChain()with no SSL context. When TLS verification fails (e.g. behind a reverse proxy with a non-standard cert chain), the connection silently fails.Missing browser-like User-Agent (line 2782): The opener built by
_getOpener()uses Python urllib's default User-Agent (Python-urllib/3.x), which Cloudflare WAF and similar services block with HTTP 403.Changes
Comment out the module-level
install_opener()call — eachConnection()already builds its own opener via_getOpener()with the correct insecure context when needed. The global installer was redundant and harmful.Add a browser-like User-Agent to the opener —
Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0is sent as the User-Agent header, which passes Cloudflare WAF without issues.Testing
Tested against Navidrome v0.62.0 behind Cloudflare on Kodi 21 Omega / LibreELEC 12. With the patch:
pingendpoint returns HTTP 200 (was 403)