HTTPS Support & Custom Certificates #3647

New issue

Open

opened 2025-07-19 03:57:16 +00:00 by nglmercer · 3 comments

nglmercer commented 2025-07-19 03:57:16 +00:00 (Migrated from github.com)

Copy link

Preflight Checklist

• I use the latest version of YouTube Music (Application).
• I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Problem Description

🚀 Feature Request: HTTPS Support & Custom Certificates

I built a web page that works as a remote control for the app via the REST API.
Right now, it only accepts local origins (127.0.0.1, localhost) or plain HTTP traffic.

Proposed Solution

Request:
Please add an option for users to upload their own certificates (.pem, .crt) and enable HTTPS connections.
This would allow:

• Secure connections to devices on other networks.
• End-to-end data integrity and confidentiality.
  (referencing https://github.com/nglmercer/yt-music-swg)
  

Thank you!

Alternatives Considered

add documentation to the REST API

Additional Information

No response

### Preflight Checklist - [x] I use the latest version of YouTube Music (Application). - [x] I have searched the [issue tracker](https://github.com/th-ch/youtube-music/issues) for a feature request that matches the one I want to file, without success. ### Problem Description ### 🚀 Feature Request: HTTPS Support & Custom Certificates I built a web page that works as a remote control for the app via the REST API. Right now, it only accepts local origins (`127.0.0.1`, `localhost`) or plain HTTP traffic. ### Proposed Solution **Request:** Please add an option for users to upload their own certificates (`.pem`, `.crt`) and enable **HTTPS** connections. This would allow: - Secure connections to devices on other networks. - End-to-end data integrity and confidentiality. (referencing https://github.com/nglmercer/yt-music-swg) <img width="1872" height="997" alt="Image" src="https://github.com/user-attachments/assets/2127ff99-2373-4f1f-9ec6-47ef47553a0b" /> Thank you! ### Alternatives Considered add documentation to the REST API ### Additional Information _No response_

mohanad-80 commented 2025-09-09 19:27:31 +00:00 (Migrated from github.com)

Copy link

Hi there,
I’m interested in working on this issue and have already started prototyping a solution on a separate branch.
Is anyone else currently working on this, or is it okay for me to proceed and open a PR when ready?
If there are any specific requirements or preferences for implementation, please let me know.
Thanks!

@JellyBrick tagging you since you labeled this issue. Please let me know if you have any input or if someone else is already working on it!

Hi there, I’m interested in working on this issue and have already started prototyping a solution on a separate branch. Is anyone else currently working on this, or is it okay for me to proceed and open a PR when ready? If there are any specific requirements or preferences for implementation, please let me know. Thanks! @JellyBrick tagging you since you labeled this issue. Please let me know if you have any input or if someone else is already working on it!

nglmercer commented 2025-09-09 21:06:07 +00:00 (Migrated from github.com)

Copy link

I use a proxy on my PC and redirect requests, obviously using an SSL certificate to have the https server and for everything to work correctly.

5️⃣ Dynamic Reverse Proxy

Activation: send the header X-Proxy-Target: <absolute url> in any request to the server.

Additional header	Purpose
X-Proxy-Timeout	Max time in ms (default 30000).
Proxy-Authorization	Basic credentials that are re-sent as Authorization.

Example:

curl -H "X-Proxy-Target: https://jsonplaceholder.typicode.com/todos/1" \
     -H "Proxy-Authorization: Basic dXNlcjpwYXNz" \
     http://localhost:3001/anything

code sample

import { Hono } from 'hono'

const app = new Hono()

app.all('*', async (c) => {
  const target = c.req.header('X-Proxy-Target')
  
  if (!target) {
    return c.text('Missing X-Proxy-Target header', 400)
  }

  try {
    const timeout = parseInt(c.req.header('X-Proxy-Timeout') || '30000')
    const auth = c.req.header('Proxy-Authorization')
    
    // Copy headers
    const headers = new Headers(c.req.raw.headers)
    headers.delete('X-Proxy-Target')
    headers.delete('X-Proxy-Timeout')
    
    if (auth) {
      headers.set('Authorization', auth)
      headers.delete('Proxy-Authorization')
    }

    // Forward request
    const controller = new AbortController()
    setTimeout(() => controller.abort(), timeout)
    
    const response = await fetch(target, {
      method: c.req.method,
      headers,
      body: c.req.method !== 'GET' ? await c.req.arrayBuffer() : undefined,
      signal: controller.signal
    })

    return new Response(await response.arrayBuffer(), {
      status: response.status,
      headers: response.headers
    })
    
  } catch (err) {
    return c.text(`Proxy error: ${err}`, 500)
  }
})

export default app

I would like to know how an implementation could be done, since the proxy is only an option, not the solution.

I use a proxy on my PC and redirect requests, obviously using an SSL certificate to have the https server and for everything to work correctly. ### 5️⃣ Dynamic Reverse Proxy **Activation**: send the header `X-Proxy-Target: <absolute url>` in any request to the server. | Additional header | Purpose | |-----------------------|-----------------------------------------------------------| | `X-Proxy-Timeout` | Max time in ms (default `30000`). | | `Proxy-Authorization` | Basic credentials that are re-sent as `Authorization`. | Example: ```bash curl -H "X-Proxy-Target: https://jsonplaceholder.typicode.com/todos/1" \ -H "Proxy-Authorization: Basic dXNlcjpwYXNz" \ http://localhost:3001/anything ``` code sample ```typescript import { Hono } from 'hono' const app = new Hono() app.all('*', async (c) => { const target = c.req.header('X-Proxy-Target') if (!target) { return c.text('Missing X-Proxy-Target header', 400) } try { const timeout = parseInt(c.req.header('X-Proxy-Timeout') || '30000') const auth = c.req.header('Proxy-Authorization') // Copy headers const headers = new Headers(c.req.raw.headers) headers.delete('X-Proxy-Target') headers.delete('X-Proxy-Timeout') if (auth) { headers.set('Authorization', auth) headers.delete('Proxy-Authorization') } // Forward request const controller = new AbortController() setTimeout(() => controller.abort(), timeout) const response = await fetch(target, { method: c.req.method, headers, body: c.req.method !== 'GET' ? await c.req.arrayBuffer() : undefined, signal: controller.signal }) return new Response(await response.arrayBuffer(), { status: response.status, headers: response.headers }) } catch (err) { return c.text(`Proxy error: ${err}`, 500) } }) export default app ``` I would like to know how an implementation could be done, since the proxy is only an option, not the solution.

mohanad-80 commented 2025-09-09 21:48:18 +00:00 (Migrated from github.com)

Copy link

I would like to know how an implementation could be done, since the proxy is only an option, not the solution.

The solution I'm working on is to add an option in the api-server plugin for enabling HTTPS on the server and allowing the user to specify the paths of the certificate and key files to be used on the server.

When this option is enabled by the user, the plugin will restart and then it will create a secure server and pass the certificate and key files to Hono's serve method to create a server that can be connected to using HTTPS.

I just wanted to check here if anyone else is working on this issue before I open a PR with the code I wrote.

> I would like to know how an implementation could be done, since the proxy is only an option, not the solution. The solution I'm working on is to add an option in the api-server plugin for enabling HTTPS on the server and allowing the user to specify the paths of the certificate and key files to be used on the server. When this option is enabled by the user, the plugin will restart and then it will create a secure server and pass the certificate and key files to Hono's `serve` method to create a server that can be connected to using HTTPS. I just wanted to check here if anyone else is working on this issue before I open a PR with the code I wrote.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

renovate/electron-38.x

renovate/zod-4.x

renovate/hono-node-server-1.x

renovate/vite-7.x

renovate/discord-api-types-0.x

snyk-fix-cc0d8c0a11cb136c85b52eac08f01ecd

renovate/youtubei.js-15.x

renovate/virtua-0.x

renovate/npm-hono-vulnerability

dependabot/npm_and_yarn/hono-4.9.7

renovate/ffmpeg.wasm-main-0.x

renovate/ffmpeg.wasm-core-mt-0.x

snyk-fix-b03d669b0e10f74efab60edd2a874685

refactor/music-together

feat/webnowplaying-v1

feat/chromecast

legacy/http-api

v3.11.0

v3.10.0

v3.9.0

v3.8.1

v3.8.0

v3.7.5

v3.7.4

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.2

v3.6.1

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.1

v3.4.0

v3.3.12

v3.3.11

v3.3.10

v3.3.9

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.2

v3.2.1

v3.2.0

v3.1.1

v3.1.0

v3.0.2

v3.0.1

v3.0.0

v2.2.0

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.20.0

v1.19.0

v1.18.0

v1.17.0

v1.16.0

v1.15.0

v1.14.0

v1.13.0

v1.12.2

v1.12.1

v1.12.0

v1.11.0

v1.10.0

v1.9.0

v1.8.2

v1.8.1

v1.8.0

v1.7.5

v1.7.3

v1.7.4

v1.7.2

v1.7.1

v1.7.0

v1.6.5

v1.6.4

v1.6.3

v1.6.2

v1.6.0

v1.5.0

v1.4.0

v1.3.3

v1.3.2

v1.3.1

v1.2.0

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.0.0

v1.1.0

Labels

Clear labels   

awaiting-reply

Awaiting reply

  

breaking changes

  

bug

Something isn't working

  

cannot-reproduce

Bug cannot be reproduced

  

dependencies

Pull requests that update a dependency file

  

documentation

  

duplicate

This issue or pull request already exists

  

electron-issue

It's an Electron or Electron related dependencies issue (not YTM-Desktop issue)

  

enhancement

New feature or request

  

fix-available

A fix to the issue is available in a new version

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

javascript

Pull requests that update javascript code

  

need more information

Need more information about the issue

  

need rebase

This plugin need rebase

  

official-youtube-music-issue

It's an YouTube's issue (not YTM-Desktop issue)

  

plugin request

An issue/discussion requesting for a new plugin or new functionality to an existing plugin.

  

question

Further information is requested

  

release

Release

  

security

  

stale

  

Status: blocked

There are something to do before this

  

typo

  

wontfix

This will not be worked on

  

ytmd-issue

An issue/discussion about ytm desktop, unrelated to th-ch/youtube-music

No labels

awaiting-reply

breaking changes

bug

cannot-reproduce

dependencies

documentation

duplicate

electron-issue

enhancement

fix-available

good first issue

help wanted

invalid

javascript

need more information

need rebase

official-youtube-music-issue

plugin request

question

release

security

stale

Status: blocked

typo

wontfix

ytmd-issue

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: YTMD/youtube-music#3647

No description provided.