web: Spoof prototypes to prevent false positive bot detections #18157
Conversation
danielhjacobs
added
A-web
|
Thank you for this! Unfortunately it seems to break things, al of the tests are now failing with:
|
Thank you! Now things should work, and |
|
I want to look into this next week. |
| writable: false, | ||
| }); | ||
|
|
||
| // bypass TypeError on Firefox |
There was a problem hiding this comment.
Okay, I guess this wouldn't be Firefox specific. By changing the prototype of the RufflePluginArray all methods that we add to the prototype of course become inaccessible. If we want to go with this approach we should probably remove the RufflePluginArray class altogether, it's going to be more confusing than useful.
I have an alternative solution that still bypasses the somewhat weak BotD check using instanceof PluginArray. We can simply add the original prototype to the prototype chain of our new object.
There was a problem hiding this comment.
Ah sorry. This doesn't actually work for the MimeTypeArray. I think because the plugins that we "install" aren't an instance of MimeType.
There was a problem hiding this comment.
I guess this wouldn't be Firefox specific.
Yeah that's the case.
We can simply add the original prototype to the prototype chain of our new object.
I tried that initially, but constructing the object seems to always give this error: typeerror: Illegal constructor.
There was a problem hiding this comment.
Using a lot Object.defineProperty is indeed confusing. I can use this instead:
// bypass TypeError
for (const method of ["namedItem", "refresh", "item"]) {
// @ts-expect-error: We're adding a method to the object
navigator.plugins[method] = proto[method];
}
Some bot detection libraries will detect the prototypes for
navigator.plugins.Current extension will cause false positives in such detections. (for example: by BotD)
This PR includes code that spoofs prototypes of related objects.