From 876b5f767258d5656a61b9763a7736ccaeca4292 Mon Sep 17 00:00:00 2001
From: helpimnotdrowning <35247379+helpimnotdrowning@users.noreply.github.com>
Date: Thu, 26 Jun 2025 15:29:20 -0500
Subject: [PATCH] [ie/kick] Extract sub-only downloads

`XSRF-TOKEN` cookie was no longer being passed so downloads would 403. Found that `session_token` now contained the expected value.
---
 yt_dlp/extractor/kick.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/yt_dlp/extractor/kick.py b/yt_dlp/extractor/kick.py
index 1f001d421..13427d916 100644
--- a/yt_dlp/extractor/kick.py
+++ b/yt_dlp/extractor/kick.py
@@ -1,4 +1,6 @@
 
+from urllib import parse
+
 from .common import InfoExtractor
 from ..networking import HEADRequest
 from ..utils import (
@@ -19,13 +21,12 @@ class KickBaseIE(InfoExtractor):
     def _real_initialize(self):
         self._request_webpage(
             HEADRequest('https://kick.com/'), None, 'Setting up session', fatal=False, impersonate=True)
-        xsrf_token = self._get_cookies('https://kick.com/').get('XSRF-TOKEN')
-        if not xsrf_token:
-            self.write_debug('kick.com did not set XSRF-TOKEN cookie')
+        session_token = self._get_cookies('https://kick.com/').get('session_token')
+        if not session_token:
+            self.write_debug('kick.com did not set session_token cookie')
         KickBaseIE._API_HEADERS = {
-            'Authorization': f'Bearer {xsrf_token.value}',
-            'X-XSRF-TOKEN': xsrf_token.value,
-        } if xsrf_token else {}
+            'Authorization': f'Bearer {parse.unquote(session_token.value)}',
+        } if session_token else {}
 
     def _call_api(self, path, display_id, note='Downloading API JSON', headers={}, **kwargs):
         return self._download_json(