Skip to content

fix: Ensured navigator.webdriver != true in launched Chromium #3553

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 19, 2025
Merged

fix: Ensured navigator.webdriver != true in launched Chromium #3553

merged 1 commit into from
Nov 19, 2025

Conversation

@rnwst
Copy link
Contributor

@rnwst rnwst commented Nov 13, 2025
edited by Rob--W
Loading

The --remote-debugging-pipe flag causes navigator.webdriver == true in the launched Chromium instance (provided there is no existing Chromium instance). Flags need to be added to prevent this, otherwise many websites with bot detection features are broken.

Fixes #3511

Rob--W
Rob--W reviewed Nov 13, 2025
View reviewed changes
@rnwst
Copy link
Contributor Author

rnwst commented Nov 13, 2025

@Rob--W -- thanks for the review and the link to the issue, I hadn't realised that this is a known issue. Without --test-type, the message shown by Chromium is rather annoying. I also discovered in my testing that the --remote-debugging-port option does not exhibit the above issue, so a potential solution could be to switch to that instead. Before I start looking into that, are there any reasons you can think of why this solution wouldn't work or wouldn't be desired?

@Rob--W
Copy link
Member

Rob--W commented Nov 13, 2025

@Rob--W -- thanks for the review and the link to the issue, I hadn't realised that this is a known issue. Without --test-type, the message shown by Chromium is rather annoying.

Even without --test-type set by default, you can start web-ext run with --args=--test-type (or its shorthand) if you'd like.

I also discovered in my testing that the --remote-debugging-port option does not exhibit the above issue, so a potential solution could be to switch to that instead. Before I start looking into that, are there any reasons you can think of why this solution wouldn't work or wouldn't be desired?

The --remote-debugging-port option does not allow loading of extensions, see #3388.

For this and other alternatives that I considered, see #3388 (comment)

@rnwst rnwst closed this Nov 14, 2025
@rnwst rnwst force-pushed the fix/chromium-automation-detection branch from 31156d9 to b9c0705 Compare November 14, 2025 18:29
@rnwst rnwst reopened this Nov 14, 2025
@rnwst rnwst force-pushed the fix/chromium-automation-detection branch from b9c0705 to 4e1ac19 Compare November 14, 2025 18:33
@rnwst
Copy link
Contributor Author

rnwst commented Nov 14, 2025

@Rob--W -- I removed the --test-type flag and added logic to avoid passing --disable-blink-features=AutomationControlled when --enable-blink-features is set with AutomationControlled. I think the right place to mention --test-type would be in the documentation, though I couldn't find the source for that.

Not sure why the dependency audit is failing, I didn't change any dependencies.

Rob--W
Rob--W approved these changes Nov 15, 2025
View reviewed changes
Copy link
Member

@Rob--W Rob--W left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@rnwst rnwst force-pushed the fix/chromium-automation-detection branch from 4e1ac19 to 868a3f1 Compare November 15, 2025 23:00
@rnwst
Copy link
Contributor Author

rnwst commented Nov 15, 2025

@Rob--W -- Thanks for the suggestions, I've committed those now.

Rob--W
Rob--W reviewed Nov 15, 2025
View reviewed changes
@rnwst
fix: Ensured navigator.webdriver != true in launched Chromium
50fe713 
The `--remote-debugging-pipe` flag causes `navigator.webdriver == true`
in the launched Chromium instance (provided there is no existing
Chromium instance). The `--disable-blink-features=AutomationControlled`
flag needs to be passed to prevent this and avoid breaking websites with
bot detection features.
@rnwst rnwst force-pushed the fix/chromium-automation-detection branch from 868a3f1 to 50fe713 Compare November 15, 2025 23:38
Rob--W
Rob--W approved these changes Nov 16, 2025
View reviewed changes
Copy link
Member

@Rob--W Rob--W left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Marking as approved to clearly signal that the current shape of the patch looks good to me. In a comment I suggested a way to improve test coverage further, but it is not required for merging.

I'll let another team member do the actual merge and release since I am travelling.

@willdurand willdurand merged commit 1c6e429 into mozilla:master Nov 19, 2025
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Rob--W Rob--W Rob--W approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Chromium launched via web-ext run is marked unsafe by Google, works fine when launched directly

3 participants

@rnwst @Rob--W @willdurand