| ▲ | ec109685 a year ago | |||||||||||||
There are API’s that chrome provides that allows servers to validate whether the request came from an official chrome browser. That would detect that this curl isn’t really chrome. It’d be nice if something could support curl’s arguments but drive an actual headless chrome browser. | ||||||||||||||
| ▲ | darrenf a year ago | parent | next [-] | |||||||||||||
Are you referring to the Web Environment Integrity[0] stuff, or something else? 'cos WEI was abandoned in late 2023. [0] https://github.com/explainers-by-googlers/Web-Environment-In... | ||||||||||||||
| ▲ | do_not_redeem a year ago | parent | prev | next [-] | |||||||||||||
Siblings are being more charitable about this, but I just don't think what you're suggesting is even possible. An HTTP client sends a request. The server sends a response. The request and response are made of bytes. Any bytes Chrome can send, curl-impersonate could also send. Chromium is open source. If there was some super secret handshake, anyone could copy that code to curl-impersonate. And if it's only in closed-source Chrome, someone will disassemble it and copy it over anyway. | ||||||||||||||
| ||||||||||||||
| ▲ | binarymax a year ago | parent | prev | next [-] | |||||||||||||
I’m interested in learning more about this. Are these APIs documented anywhere and are there server side implementation examples that you know of? EDIT: this is the closest I could find. https://developers.google.com/chrome/verified-access/overvie... ...but it's not generic enough to lead me to the declaration you made. | ||||||||||||||
| ||||||||||||||
| ▲ | bowmessage a year ago | parent | prev [-] | |||||||||||||
There’s no way this couldn’t be replicated by a special build of curl. | ||||||||||||||