Solve issues with gitlab .apk files and cloudflare protection #1411
Conversation
There occur issues if a gitlab project refers in its release data to external hosted .apk file. In some cases (e.g. Aurora Store) download is not possible because cloudflare protection gives "forbidden" error. The referer header seems to pacify this cloudflare protection. Tested with Android 14 in an AVD emulator. Related to: ImranR98#1397, ImranR98#1389, ImranR98#1384, ImranR98#1382, ImranR98#1381, ImranR98#1380, ImranR98#1359, ImranR98#854, ImranR98#785, ImranR98#697
|
Great 👍 Just to confirm - were you still getting blocked without the Referrer header? I haven't been able to test this because I'm not longer getting blocked by Cloudflare either way (not sure if they removed it or just selective about IPs). |
|
hello @ImranR98 fixed side AuroraStore cf: |
|
@Disqu3-mirOir-qt Can you please provide information on the mentioned solution to the Cloudflare issue, i.e. any link to a PR or commit? In the linked ticket above the maintainer only states that you fixed the issue, unfortunately not how this has been fixed. |
|
I can confirm the cloudflare fix. The .apk dowload from |
We should integrate the PR anyway. There are certainly other sites that are protected with Cloudflare and with which Obtainium has problems. |
|
I agree, @DwainZwerg. This might solve issues for other sources, i.e. #1387. |
So you think this solution should be more generic? Seems not a bad idea to send always a |
I think it could be an option to opt in for each app individually in the respective additional app options. |
|
The solution about tokens refers to practice of generating personal access token on GitLab or to use some public app-specific one? |
|
@mjdNjhNJ It's related to personal access tokens, see https://github.com/ImranR98/Obtainium/wiki#gitlab. |
|
@Grishnackh Thanks. Confirming that everything works as expected with personal access token (read_api), Aurora Store successfully updated to 4.4.2. |
@akramer-zibra let me know if you still want the PR to be merged (after the one review comment is addressed) or if you plan on making something more generic. I don't think there's any harm in adding a referrer header by default for all requests (just not sure if that would be enough to bypass CF protection anyways). |
|
Hey @ImranR98 . I changed the host in the referer header as you mentioned. Sure this change makes the code more consistent. Tested this with
I think this PR is ready to merge. As some people mentioned above, there could be a more generic solution to this: for example a On-Off-switch within the app specific options to enable ("opt-in") sending HTTP headers. I would prefer to handle this within a separate PR, because I think there might be a need for further discussion on this. Nevertheless the Gitlab scraping seems still having issues when the .apk information on the release-page and tags-page differ. Using the Gitlab API for .apk retrieval solves this problem, but not every Obtainium user might have a Gitlab.com account. So I think there also might be a need for some code enhancements concerning this. I will endeavour to make a PR for this in the near future. |
There occur issues if releases refer to external hosted .apk files. In some cases (e.g. Aurora Store) download is not possible because cloudflare protection gives "forbidden" error. This patch will add a "referer" header to the download request to pacify cloudflare protection service.
Notice: In case of the
Aurora Storeproject, you still need aGitlab API token, to retrieve latest .apk release. Obtainium either retrieves .apk data from Gitlab API (token necessary) or fromtags-page, which has no information about the latest .apk url.Related to: #1397, #1389, #1384, #1382, #1381, #1380, #1359, #854, #785, #697
Tested with Android 14 in an emulated AVD.