From d8d16280ff92591cb75376dd9977e0dd12ca7e28 Mon Sep 17 00:00:00 2001 From: Arkadiusz Fal Date: Thu, 12 Feb 2026 06:04:16 +0100 Subject: [PATCH] Fix Invidious login failing for passwords with special characters Use URLComponents/URLQueryItem for standard form-URL encoding instead of manual percent-encoding with CharacterSet.alphanumerics, which included non-ASCII Unicode letters and had an unsafe raw-value fallback. --- Yattee/Services/API/InvidiousAPI.swift | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Yattee/Services/API/InvidiousAPI.swift b/Yattee/Services/API/InvidiousAPI.swift index 18e0b003..4b0c7083 100644 --- a/Yattee/Services/API/InvidiousAPI.swift +++ b/Yattee/Services/API/InvidiousAPI.swift @@ -349,16 +349,16 @@ actor InvidiousAPI: InstanceAPI { /// - instance: The Invidious instance to log in to /// - Returns: The session ID (SID) cookie value func login(email: String, password: String, instance: Instance) async throws -> String { - // Build form-urlencoded body - let bodyComponents = [ - "email": email, - "password": password, - "action": "signin" + // Build form-urlencoded body using URLComponents for standard encoding + var components = URLComponents() + components.queryItems = [ + URLQueryItem(name: "email", value: email), + URLQueryItem(name: "password", value: password), + URLQueryItem(name: "action", value: "signin") ] - let formAllowed = CharacterSet.alphanumerics.union(CharacterSet(charactersIn: "-._~")) - let bodyString = bodyComponents - .map { "\($0.key)=\($0.value.addingPercentEncoding(withAllowedCharacters: formAllowed) ?? $0.value)" } - .joined(separator: "&") + // URLQueryItem leaves '+' unencoded, but in form-urlencoded '+' means space + let bodyString = components.percentEncodedQuery? + .replacingOccurrences(of: "+", with: "%2B") ?? "" guard let bodyData = bodyString.data(using: .utf8) else { throw APIError.invalidRequest