Greasy Fork

Doesn't seem to work for me since yesterday. Seems like BDSMLR is messing with some hotlinking prevention that doesn't let me download with this script or with other Chrome extensions either.

Works for me with the updated 4.2.2 version (Firefox).
Have you checked that you're not still running 4.2.1, maybe?

However, two things have changed:

(1) MIME content-types are (again!) wrong for many images.
Images will be delivered from the server identified as "application/octet-stream" instead of the correct "image/jpeg".
-> This leads the browser to display a "Save As" dialog instead of displaying the image in a browser tab.
This issue is unrelated to my user-script.
It actually cannot be fixed via any kind of TamperMonkey script - the required low-level network access is not available in user-scripts.
That said, for Firefox there is an extension that can help (but needs initial configuration):
https://github.com/jscher2000/Content-Type-Fixer-extension
Not sure if there's something like that for Chromium-browsers.

(2) hotlinking prevention on some image URLs (but apparently not all?)
If you open some image URLs in an empty tab, you get redirected to the dashboard page.
However, if you open the image tab from the dashboard stream, then the image will open correctly, and you can also save it to disk.
If you were to press reload on such an image tab, then you'd again be redirected.
Same a (1), this issue is unrelated to my user-script.
I'm currently checking if a user-script like mine can improve the situation partially - but a full fix is out-of-scope for TamperMonkey user-scripts - again, the required low-level network access is not available to user-scripts.
However, there are various extensions that can spoof the referrer as needed; for example, for Firefox:
https://addons.mozilla.org/en-US/firefox/addon/referercontrol/
Iirc, there are similar extensions available for Chromium browsers.

You SHOULD also check the behavior of the BDSMLR site with and without my script.
If my script doesn't make the situation worse and/or if the script is not entirely without function, then I strongly suggest that a "bad" rating is inappropriate. Same if it concerns things that are out-of-scope for user-scripts / TamperMonkey.

If you still think that something broke significantly at least partially within scope of what a user-script can do,
-> then please provide some more details of what exactly you are doing and where it doesn't work (click in dashboard?, click from single post?, from side-bar?, open via menu?, open via middle-mouse click?, etc.).

To clarify
Instead of "However, two things have changed:" I should have written "However, two things have been changed by bdsmlr:"

Thanks for the detailed explanation. I'm checking and think you're right, it's a BDSMLR issue. I think your script updated completely coincidentally around the same time they started this hotlinking issue. Random coincidence that seems unrelated to the script. Thanks anyway I'll look into referer control, that seems to be the issue for me too. Interesting I am noticing that even on a page where the image is loaded, none of my image-downloader extensions are able to grab it. Literally only native "save image" dialog will work. Oh well, not related to you. Thanks

Random coincidence that seems unrelated to the script.

Yup, the script works. It's the site that is preventing me downloading those links. Thanks for clarification.

Thanks for the update.
Cheers.

If you have downloading extensions, you can check if they support defining "referer" on a per-site basis.
Either by allowing you to specify a "referer" per site manually (the required referer here is "bdsmlr.com") - or by automatically setting the referer to same primary domain as the site that the URL is for (URL "https://cdn012.bdsmlr.com/..." would result in referer of "bdsmlr.com").
Both will cause bdsmlr to serve the actual image instead of redirecting to the dashboard.

Thanks for the info. I guess I'm doing something wrong because I can't get it to work. Chrome has a "Referer Control" extension, I'm listing "bdsmlr.com" as the referrer for all bdsmlr.com URLs (which is working based on the extension's logs):

Wed, May 8 8:04:02:
requested: https://ocdn012.bdsmlr.com/favicon.ico
with referer: https://ocdn012.bdsmlr.com/uploads/photos/2023/08/11231748/bdsmlr-11231748-9wJT7pqErV.jpg
matched filter: bdsmlr.com
sent referer: bdsmlr.com

But still, no Chrome image download extensions can download them. Browser's built in "save as..." will work. Weird. If you can think of anything let me know haha otherwise, this isn't really your issue so why am I asking you lol. Anyway the PicViewCE+ script seems to work so I'll just use that instead.

A referrer extension will influence what core Chrome itself is doing (and apparently successfully so).
However, a download extension might be completely independent of that.
The referrer extension is designed to work with core Chrome.
If the downloading extension doesn't use core Chrome features for downloading (which is very likely - otherwise, why would you ever need an extra extension if the Chrome core features were sufficient), then whatever the referrer extension does might well "bypass" the downloading extension.

That's why I mentioned that you might need a downloading extension that itself does support custom referrers itself.

In addition, CORS (https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) might play a role - something that's enforced by the browser.
That said, in my bdsmlr script, simply adding the "referer" header helped - so I don't see how it would be CORS here.

All the above said, I'm mostly a Firefox person - Chrome/Chromium is not my main browser of choice... and I'm not an expert in CORS intricacies....
So, take all above with a grain of salt...

I’m wondering if it’s something to do with the header request? That thing that Reddit does now that prevents you from seeing an actual image by itself in a new tab, instead directing you to that annoying Reddit branded frame with the picture inside it. There’s a Chrome extension that can undo that behavior, but I don’t know exactly how it works. Obviously I don’t know a whole lot about this stuff. Since the bdsmlr images seem to load fine when they’re on the page but are redirecting when viewed on their own, I’m just guessing it’s something similar as what Reddit does now. Are you familiar with that? Something called “Shreddet” but again I don’t know a whole lot about it.

I think you’re right about the download extensions because I think they are basically trying to download the link/URL of the image and that’s why it’s failing: it’d be just like trying to open the image in a new tab. But right-click “Save as” works, seems like in that case it’s just saving the literal cached image that’s on the screen. Something like that. So that could be why the PicViewCE userscript manages to successfully work. I actually deleted my other pic downloading extensions and am just using that now since it works well enough for my needs on pretty much any site (and cross compatible!)

"But right-click “Save as” works, seems like in that case it’s just saving the literal cached image that’s on the screen. Something like that."

Caching does play a role, yes. If it's cached from a prior "correct" request.

However, the main point is what a "correct" request is.
Bdsmlr now requires a "referer" item in the request header, and it must be to a bdsmlr domain.
For example, "referer" = "https://bdsmlr.com/"

Without that, you get a 403 or redirected to dashboard or similar.
With it (and without CORS violation), bdsmlr serves the proper image.

If you are on the bdsmlr dashboard, and you then open an image link from within the dashboard (middle-mouse click or similar) -> then the browser open the new tab with that context. I.e.: the request from that new tab will include the referer header item.

If you open the exact same image link by pasting its URL manually into a new, empty tab (and without the image being in the browser cache) -> then you get the access denied and/or redirection.
Even though in the browser, the two tabs look otherwise identical.

Many downloading extensions normally do automatically send a matching referer - or can be configured to do so.
But if yours don't, then you likely won't get them to work with bdsmlr, anymore.

I think you're right: the referrer header modifying extensions are not applying to the image downloading extensions. I can now copy the image URLs and open them in manually created new tabs (which suggests the false referrer is being added to the browser's request for the image) but none of the image downloading extensions will grab it, which to me suggests that yeah, they're not following that header rule. I guess one extension can't modify another extension.

If you know of any one-click image downloader Chrome (actually Brave) extensions that can send modified referrer headers, let me know! :-)

Sorry, no clue.
I don't use browser-based extensions for downloading; and I also use Firefox, mostly.

For batch downloading, I recommend "JDownloader 2" (https://jdownloader.org/download/index?s=lng_en) plus the accompanying browser extension.

I actually already use Jdownloader! It manages to download images from BDSMLR, no problem.

Additionally, I checked the logs of one of my referrer header modifier Chrome extensions, and it does show up entries for when I try to use another Chrome extension to download the image, and the logs say that that download attempt (initiated by the extension) was intercepted by the header modifier extension and modified accordingly (adding bdsmlr.com as the referrer). That download still fails. Maybe something else is going on then?

I also tried a simple userscript that makes use of GM_download permissions: that does initiate a download of the image file with the correct filename and .jpg extension, but every file downloaded in that way is corrupted (actually, peeking inside with a plaintext editor, it’s just the anti-hot linking redirect code).

Somehow, of everything I try, only PicViewCE+ works. It seems overkill for what I want though. I wish I could figure out how it’s managing to do this. Haha can you tell I am kind of obsessed with this issue?

I apologize for interrupting your discussion, but can anyone share a BDSMLR account with me, please?

I apologize for interrupting your discussion, but can anyone share a BDSMLR account with me, please?

Sorry, I only have mine. They said they are suspending new sign ups while they are transitioning to a new server host. When that process is done they will restart new signups. But we have no idea how long it will take.