From 20d45f0cb4797d3ef2e20bb6da038ce200faf51e Mon Sep 17 00:00:00 2001 From: NotNite Date: Tue, 22 Apr 2025 09:03:01 -0400 Subject: [PATCH 1/2] Update headers for latest boot version --- src/XIVLauncher.Common/Game/Launcher.cs | 67 +++++++++++++++---------- 1 file changed, 41 insertions(+), 26 deletions(-) diff --git a/src/XIVLauncher.Common/Game/Launcher.cs b/src/XIVLauncher.Common/Game/Launcher.cs index ed80686f0..a47b41b6e 100644 --- a/src/XIVLauncher.Common/Game/Launcher.cs +++ b/src/XIVLauncher.Common/Game/Launcher.cs @@ -473,12 +473,22 @@ public async Task GenPatchToken(string patchUrl, string uniqueId) { // This is needed to be able to access the login site correctly var request = new HttpRequestMessage(HttpMethod.Get, url); - request.Headers.AddWithoutValidation("Accept", "image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*"); - request.Headers.AddWithoutValidation("Referer", GenerateFrontierReferer(this.settings.ClientLanguage.GetValueOrDefault(ClientLanguage.English))); - request.Headers.AddWithoutValidation("Accept-Encoding", "gzip, deflate"); - request.Headers.AddWithoutValidation("Accept-Language", this.settings.AcceptLanguage); + + request.Headers.AddWithoutValidation("Host", request.RequestUri.Host); + request.Headers.AddWithoutValidation("sec-ch-ua", "\"Microsoft Edge WebView2\";v=\"135\", \"Chromium\";v=\"135\", \"Not-A.Brand\";v=\"8\", \"Microsoft Edge\";v=\"135\""); + request.Headers.AddWithoutValidation("sec-ch-ua-mobile", "?0"); + request.Headers.AddWithoutValidation("sec-ch-ua-platform", "\"Windows\""); + request.Headers.AddWithoutValidation("Upgrade-Insecure-Requests", "1"); request.Headers.AddWithoutValidation("User-Agent", this.userAgent); - request.Headers.AddWithoutValidation("Connection", "Keep-Alive"); + request.Headers.AddWithoutValidation("Accept", "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"); + request.Headers.AddWithoutValidation("Sec-Fetch-Site", "cross-site"); + request.Headers.AddWithoutValidation("Sec-Fetch-Mode", "navigate"); + request.Headers.AddWithoutValidation("Sec-Fetch-User", "?1"); + request.Headers.AddWithoutValidation("Sec-Fetch-Dest", "iframe"); + request.Headers.AddWithoutValidation("Sec-Fetch-Storage-Access", "active"); + request.Headers.AddWithoutValidation("Referer", "https://launcher.finalfantasyxiv.com/"); + request.Headers.AddWithoutValidation("Accept-Encoding", "gzip, deflate, br, zstd"); + request.Headers.AddWithoutValidation("Accept-Language", this.settings.AcceptLanguage); request.Headers.AddWithoutValidation("Cookie", "_rsid=\"\""); var reply = await this.client.SendAsync(request); @@ -563,15 +573,24 @@ private async Task OauthLogin(string userName, string password var request = new HttpRequestMessage(HttpMethod.Post, "https://ffxiv-login.square-enix.com/oauth/ffxivarr/login/login.send"); - request.Headers.AddWithoutValidation("Accept", "image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*"); - request.Headers.AddWithoutValidation("Referer", topUrl); - request.Headers.AddWithoutValidation("Accept-Language", this.settings.AcceptLanguage); - request.Headers.AddWithoutValidation("User-Agent", this.userAgent); + request.Headers.AddWithoutValidation("Host", request.RequestUri.Host); + request.Headers.AddWithoutValidation("Cache-Control", "max-age=0"); + request.Headers.AddWithoutValidation("sec-ch-ua", "\"Microsoft Edge WebView2\";v=\"135\", \"Chromium\";v=\"135\", \"Not-A.Brand\";v=\"8\", \"Microsoft Edge\";v=\"135\""); + request.Headers.AddWithoutValidation("sec-ch-ua-mobile", "?0"); + request.Headers.AddWithoutValidation("sec-ch-ua-platform", "\"Windows\""); + request.Headers.AddWithoutValidation("Origin", "https://ffxiv-login.square-enix.com"); //request.Headers.AddWithoutValidation("Content-Type", "application/x-www-form-urlencoded"); + request.Headers.AddWithoutValidation("Upgrade-Insecure-Requests", "1"); + request.Headers.AddWithoutValidation("User-Agent", this.userAgent); + request.Headers.AddWithoutValidation("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"); + request.Headers.AddWithoutValidation("Sec-Fetch-Site", "same-origin"); + request.Headers.AddWithoutValidation("Sec-Fetch-Mode", "navigate"); + request.Headers.AddWithoutValidation("Sec-Fetch-User", "?1"); + request.Headers.AddWithoutValidation("Sec-Fetch-Dest", "iframe"); + request.Headers.AddWithoutValidation("Sec-Fetch-Storage-Access", "active"); + request.Headers.AddWithoutValidation("Referer", topUrl); request.Headers.AddWithoutValidation("Accept-Encoding", "gzip, deflate"); - request.Headers.AddWithoutValidation("Host", "ffxiv-login.square-enix.com"); - request.Headers.AddWithoutValidation("Connection", "Keep-Alive"); - request.Headers.AddWithoutValidation("Cache-Control", "no-cache"); + request.Headers.AddWithoutValidation("Accept-Language", this.settings.AcceptLanguage); request.Headers.AddWithoutValidation("Cookie", "_rsid=\"\""); if (isSteam) @@ -683,6 +702,8 @@ public async Task DownloadAsLauncher(string url, ClientLanguage language { var request = new HttpRequestMessage(HttpMethod.Get, url); + request.Headers.AddWithoutValidation("Host", request.RequestUri.Host); + request.Headers.AddWithoutValidation("sec-ch-ua-platform", "\"Windows\""); request.Headers.AddWithoutValidation("User-Agent", this.userAgent); if (!string.IsNullOrEmpty(contentType)) @@ -690,26 +711,20 @@ public async Task DownloadAsLauncher(string url, ClientLanguage language request.Headers.AddWithoutValidation("Accept", contentType); } - request.Headers.AddWithoutValidation("Accept-Encoding", "gzip, deflate"); - request.Headers.AddWithoutValidation("Accept-Language", this.settings.AcceptLanguage); - + request.Headers.AddWithoutValidation("sec-ch-ua", "\"Microsoft Edge WebView2\";v=\"135\", \"Chromium\";v=\"135\", \"Not-A.Brand\";v=\"8\", \"Microsoft Edge\";v=\"135\""); + request.Headers.AddWithoutValidation("sec-ch-ua-mobile", "?0"); request.Headers.AddWithoutValidation("Origin", "https://launcher.finalfantasyxiv.com"); - - request.Headers.AddWithoutValidation("Referer", GenerateFrontierReferer(language)); - request.Headers.AddWithoutValidation("Connection", "Keep-Alive"); + request.Headers.AddWithoutValidation("Sec-Fetch-Site", "cross-site"); + request.Headers.AddWithoutValidation("Sec-Fetch-Mode", "cors"); + request.Headers.AddWithoutValidation("Sec-Fetch-Dest", "empty"); + request.Headers.AddWithoutValidation("Referer", "https://launcher.finalfantasyxiv.com/"); + request.Headers.AddWithoutValidation("Accept-Encoding", "gzip, deflate, br, zstd"); + request.Headers.AddWithoutValidation("Accept-Language", this.settings.AcceptLanguage); var resp = await this.client.SendAsync(request); return await resp.Content.ReadAsByteArrayAsync(); } - private string GenerateFrontierReferer(ClientLanguage language) - { - var langCode = language.GetLangCode().Replace("-", "_"); - var formattedTime = GetLauncherFormattedTimeLong(); - - return string.Format(this.frontierUrlTemplate, langCode, formattedTime); - } - // Used to be used for frontier top, they now use the un-rounded long timestamp private static string GetLauncherFormattedTime() => DateTime.UtcNow.ToString("yyyy-MM-dd-HH"); From 103be3498e25b7be73640316092f95a813c16b75 Mon Sep 17 00:00:00 2001 From: NotNite Date: Tue, 22 Apr 2025 09:07:45 -0400 Subject: [PATCH 2/2] Add comment about HttpClient --- src/XIVLauncher.Common/Game/Launcher.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/XIVLauncher.Common/Game/Launcher.cs b/src/XIVLauncher.Common/Game/Launcher.cs index a47b41b6e..28327197d 100644 --- a/src/XIVLauncher.Common/Game/Launcher.cs +++ b/src/XIVLauncher.Common/Game/Launcher.cs @@ -573,6 +573,7 @@ private async Task OauthLogin(string userName, string password var request = new HttpRequestMessage(HttpMethod.Post, "https://ffxiv-login.square-enix.com/oauth/ffxivarr/login/login.send"); + // NOTE: HttpClient seems to automatically add Connection and Content-Type, declaring it here will add it twice! request.Headers.AddWithoutValidation("Host", request.RequestUri.Host); request.Headers.AddWithoutValidation("Cache-Control", "max-age=0"); request.Headers.AddWithoutValidation("sec-ch-ua", "\"Microsoft Edge WebView2\";v=\"135\", \"Chromium\";v=\"135\", \"Not-A.Brand\";v=\"8\", \"Microsoft Edge\";v=\"135\"");