🐛 Fixed automatic Medium.com bookmark creation

[kevinansfield]

ref https://linear.app/ghost/issue/ONC-1429/
ref https://linear.app/ghost/issue/ONC-1451/

• Medium.com and Itch.com have added Cloudflare bot protection (or CF bot protection has changed) on their oEmbed endpoint that was preventing our oEmbed service from using it to create embeds when pasting links
• Changed the user-agent our oEmbed service uses to match latest Chrome which appears to bypass the current Cloudflare restrictions
  • the effectiveness of this technique for bypassing itch.com restrictions hasn't been consistent in testing but has shown improvement in some cases

[coderabbitai]

Walkthrough

The pull request updates the USER_AGENT string in the oEmbed service. The original user agent has been replaced with a Chrome/Chromium-based user agent. This modification changes the headers sent in external requests made by the oEmbed service when fetching pages. The change is minimal, affecting only a single line, and does not alter the service's logic or control flow.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title references Medium.com bookmark creation, but the actual change updates the USER_AGENT string for oEmbed requests and affects both Medium.com and Itch.com (per commit message). The title is partially related but incomplete.	Update the title to reflect the actual change: something like 'Updated oEmbed service user-agent to bypass bot protection' or 'Fixed oEmbed requests to Medium.com and Itch.com with updated Chrome user-agent'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description clearly relates to the changeset. It explains the motivation (Cloudflare bot protection on Medium.com and Itch.com), identifies the specific solution (updating user-agent to Chrome), and references relevant issues.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch oembed-chrome-user-agent

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cmraible]

@kevinansfield thanks! I've tried to make these same requests with the updated user agent from a staging server, and I've still gotten 403s — I think the requests are being blocked partly because they're coming from datacenter IPs. I'm going to deploy this to a staging site to make sure it's not something I'm doing wrong, but I don't think this will be enough to get around the blocks in staging/production.

[cmraible]

I've taken this for a spin on staging:

• ✅ Medium links work again, so this should fix ONC-1429
• ❌ itch.io links still do not, so this does not resolve ONC-1451

That said, Medium is probably much more commonly used, so this seems like a worthwhile fix to me. 🚢