feat(1.0.10): experimental chrome.* spoof for Google embedded-browser detection
Inject chrome.app, chrome.runtime, chrome.csi, chrome.loadTimes,
navigator.permissions.query wrapper via executeJavaScript on dom-ready
for every view. Goal: pass Google's JS-side embedded-browser detector
("Возможно, этот браузер небезопасны") by exposing the same chrome.*
shape real Chrome does.
Caveats acknowledged upfront:
- dom-ready fires AFTER <head> scripts, so detection scripts there have
already seen the un-spoofed environment. Helps only if Google re-checks
on form submit / later events.
- TLS fingerprint (JA3/JA4) is server-side. If Google flags us there,
no client-side spoof works. This is a best-effort attempt.
No webPreferences changes — keeps contextIsolation:true and
sandbox-equivalent isolation intact. If this fails we lose nothing
architecturally and revert is trivial.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "ESH-Media",
|
||||
"version": "1.0.9",
|
||||
"version": "1.0.10",
|
||||
"private": true,
|
||||
"main": "main.js",
|
||||
"scripts": {
|
||||
|
||||
Reference in New Issue
Block a user