Make embedded sessions identify as Firefox from startup#437
Merged
Conversation
Google sign-in rejected the embedded Electron browser when identity was changed late or exposed Chromium/Electron client hints. This centralizes the browser identity in main/session startup, removes the renderer-level webdriver override, and strips UA client hints from outgoing requests so Google sees a consistent Firefox-compatible profile before navigation begins. Constraint: Google blocks Electron-style and automation-like sign-in surfaces Rejected: Navigation-time CDP user-agent switching | crashed during auth redirects and changed identity too late Rejected: JavaScript navigator.webdriver shims | user explicitly wanted no JS-level spoofing Confidence: medium Scope-risk: moderate Directive: Do not reintroduce Google-specific navigation-time identity switching without reproducing auth redirects and crash behavior Tested: cd app && npm run test -- tests/unit/sessions/browserIdentity.test.ts Tested: task typecheck Not-tested: Full manual Google sign-in in a freshly restarted packaged app by this agent
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Bring the feature/chat-view baseline into the bot-detection branch while preserving the Firefox-compatible browser identity from startup. The conflict resolution keeps main's chatfile protocol and preview parking changes alongside the branch's UA/header hardening, and updates CDP ownership verification to accept the intentional app-level UA. Constraint: PR branch must be refreshed against origin/main before review Rejected: Rebase | branch is already pushed and has an open PR Confidence: medium Scope-risk: moderate Tested: yarn install --frozen-lockfile Tested: task typecheck Tested: task lint (0 errors, 91 warnings) Tested: npm run test -- tests/unit/startup/cli.test.ts tests/unit/sessions/browserIdentity.test.ts tests/unit/sessions/BrowserPool.test.ts tests/unit/protocols/chatfile.test.ts tests/unit/sessions/SessionScreencast.test.ts Not-tested: Full app runtime Google sign-in after merge
Move the default CDP listener off the conventional 9222 debugging port, keep the Firefox user-agent behavior covered in BrowserPool tests, and preserve imported Google cookies whose host-only or empty-value shape matters for sign-in continuity. Constraint: Google sign-in is sensitive to embedded-browser and automation surfaces Rejected: Keep 9222 as the default CDP port | it is the conventional Chrome debugging port and easy for detection scripts or local Chrome collisions to probe Rejected: Always set Electron cookie domain | host-only __Host cookies become invalid when a domain attribute is supplied Confidence: medium Scope-risk: moderate Tested: npm run test -- tests/unit/chrome-import/cookies.test.ts tests/unit/startup/cli.test.ts tests/unit/sessions/BrowserPool.test.ts tests/unit/sessions/browserIdentity.test.ts Tested: task typecheck Not-tested: Full live Google sign-in flow by this commit author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Testing
Notes
Summary by cubic
Make embedded sessions present as Firefox from startup to avoid Google sign‑in blocks and bot detection. Identity is applied app‑wide and we reduced other detection surfaces (CDP port and cookie import).
Bug Fixes
browserIdentity(UA, language, platform). Applied at startup viaapp.userAgentFallback,session.defaultSession(UA +Accept-Language),webRequest.onBeforeSendHeaders, and per‑view inBrowserPool.withBrowserIdentityHeaders. DisabledAutomationControlledand UA Client Hints; enabledWebShare.verifyCdpOwnershipto accept the app UA.electronCookieDetailsForImportto preserve host‑only cookies and empty values.navigator.webdrivershim. Added unit tests for identity, headers, cookies, CLI port logic, andBrowserPool.Refactors
mainand kept chatfile protocol and preview parking updates alongside identity hardening.Written for commit 2f29c6e. Summary will update on new commits. Review in cubic