npm - unbrowse - Versions diffs - 2.8.2 → 2.8.3 - Mend

unbrowse 2.8.2 → 2.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli.js +5 -6
package/package.json +1 -1
package/runtime-src/execution/index.ts +9 -9

package/dist/cli.js CHANGED Viewed

@@ -11161,12 +11161,11 @@ async function executeEndpoint(skill, endpoint, params = {}, projection, options
         return `${c.name}=${v}`;
       }).join("; ");
       headers["cookie"] = cookieStr;
-      if (!headers["x-csrf-token"] && !headers["x-xsrf-token"]) {
-        const csrfCookie = cookies.find((c) => /^(ct0|csrf_token|_csrf|csrftoken|XSRF-TOKEN|_xsrf)$/i.test(c.name));
-        if (csrfCookie) {
-          const v = csrfCookie.value.startsWith('"') && csrfCookie.value.endsWith('"') ? csrfCookie.value.slice(1, -1) : csrfCookie.value;
-          headers["x-csrf-token"] = v;
-        }
+      const csrfCookie = cookies.find((c) => /^(ct0|csrf_token|_csrf|csrftoken|XSRF-TOKEN|_xsrf)$/i.test(c.name));
+      if (csrfCookie) {
+        const v = csrfCookie.value.startsWith(") && csrfCookie.value.endsWith(") ? csrfCookie.value.slice(1, -1) : csrfCookie.value;
+        headers["x-csrf-token"] = v;
+        headers["x-xsrf-token"] = v;
       }
     }
     if (endpoint.csrf_plan && cookies.length > 0) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "unbrowse",
-  "version": "2.8.2",
+  "version": "2.8.3",
   "description": "Reverse-engineer any website into reusable API skills. Zero-dep single binary with embedded browser engine.",
   "type": "module",
   "bin": {

package/runtime-src/execution/index.ts CHANGED Viewed

@@ -1880,15 +1880,15 @@ export async function executeEndpoint(
       headers["cookie"] = cookieStr;
       // CSRF token auto-detection (bird pattern): many sites require CSRF tokens
-      // as both a cookie AND a header. Detect common patterns and replay them.
-      if (!headers["x-csrf-token"] && !headers["x-xsrf-token"]) {
-        const csrfCookie = cookies.find((c) =>
-          /^(ct0|csrf_token|_csrf|csrftoken|XSRF-TOKEN|_xsrf)$/i.test(c.name)
-        );
-        if (csrfCookie) {
-          const v = csrfCookie.value.startsWith('"') && csrfCookie.value.endsWith('"') ? csrfCookie.value.slice(1, -1) : csrfCookie.value;
-          headers["x-csrf-token"] = v;
-        }
+      // as both a cookie AND a header. The cookie value is always fresher than
+      // any stored vault header, so it ALWAYS overrides.
+      const csrfCookie = cookies.find((c) =>
+        /^(ct0|csrf_token|_csrf|csrftoken|XSRF-TOKEN|_xsrf)$/i.test(c.name)
+      );
+      if (csrfCookie) {
+        const v = csrfCookie.value.startsWith(') && csrfCookie.value.endsWith(') ? csrfCookie.value.slice(1, -1) : csrfCookie.value;
+        headers["x-csrf-token"] = v;
+        headers["x-xsrf-token"] = v;
       }
     }