fingerprintjs / botd-integrations Goto Github PK
View Code? Open in Web Editor NEWBotd integrations with popular cloud platforms and CDNs.
License: MIT License
Botd integrations with popular cloud platforms and CDNs.
License: MIT License
End-user loads an example app.
This needs to be an actual CloudFlare or Fastly link
As this app is not a demo in itself, it becomes a demo of integration only once it's coupled with some kind of integration, e.g. CloudFlare.
We should use end-user
and end-user's browser
instead of ambiguous terms like 'client'.
We should only use requestID
everywhere. (or request-id
when describing cookie values)
Response from origin returns to client's browser with cookie botd-request-id.
I think this step needs expansion and further clarification, e.g. that the request ID is random and its value can be used to retrieve the bot detection results etc.
From the readme:
Checking the Emulate bot checkbox will replace User-Agent to Headless Chrome. It will force the bot branch of the flow.
(Chrome + FF Win10)
Emulate bot
checkbox.Exptected user agent: Headless Chrome
Actual user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
There are probably two issues
We are trying to set user agent like
Object.defineProperty(navigator, 'userAgent', {
get: function () {
return userAgent;
},
configurable: true,
});
Which doesn't work (Win10 Chrome and FF).
According to MDN documentation:
The User-Agent header is no longer forbidden header. It can be changed programatically by Fetch Headers object, or via XHR setRequestHeader().
Source: https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name
I believe we should change this implementation and tweak the user agent directly in the request instead.
Even if we change the user agent the way mentioned above, it won't work in Chromium browsers due to this bug. I believe we should add a note to readme as well as directly to the sample app's login screen - something like: 'This demo does not work correctly on Chromium-based browsers.'
Another way might be changing the user agent directly on CDN/integration provider or BE according to the bot: on
form data but I believe this might be confusing for users and must be explained properly.
botd-request-id
cookie should be HttpOnly
and Secure
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.