Upload CHANGELOG-v6.1.md
Browse files- CHANGELOG-v6.1.md +42 -0
CHANGELOG-v6.1.md
ADDED
|
@@ -0,0 +1,42 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
## v6.1 — Anti-Detection & Browser Impersonation Fix
|
| 2 |
+
|
| 3 |
+
### Critical Fix: Cloudflare/Bot Detection Bypass
|
| 4 |
+
|
| 5 |
+
The engine was being blocked by Cloudflare and other anti-bot systems because:
|
| 6 |
+
|
| 7 |
+
1. **User-Agent was `"BexEngine/6.0"`** — immediately flagged as bot
|
| 8 |
+
2. **Missing browser headers** — no `Sec-CH-UA`, `Sec-Fetch-*`, `Accept-Encoding`, etc.
|
| 9 |
+
3. **No HTTP/2** — real browsers always negotiate H2
|
| 10 |
+
4. **No cookie persistence** — CF challenges set cookies that must be sent on subsequent requests
|
| 11 |
+
5. **No compression** — browsers always send `Accept-Encoding: gzip, deflate, br`
|
| 12 |
+
|
| 13 |
+
### Changes (in `crates/bex-core/`):
|
| 14 |
+
|
| 15 |
+
**`config.rs`**: Default user_agent changed from `"BexEngine/6.0"` to a real Chrome 137 UA string. Timeouts increased from 15s to 30s (CF challenges can be slow).
|
| 16 |
+
|
| 17 |
+
**`http_service.rs`**: Complete rewrite of the HTTP layer:
|
| 18 |
+
- Real Chrome 137 default headers (Sec-CH-UA, Sec-Fetch-*, Accept-Encoding, etc.)
|
| 19 |
+
- HTTP/2 support enabled (Chrome always uses it)
|
| 20 |
+
- gzip/brotli/deflate decompression (browsers always send these)
|
| 21 |
+
- Cookie store (`cookie_store(true)`) for CF session persistence
|
| 22 |
+
- Auto-generates Referer from URL origin when not provided by plugin
|
| 23 |
+
- Plugin headers override defaults (so plugins can customize)
|
| 24 |
+
|
| 25 |
+
**`Cargo.toml`**: Added reqwest features: `gzip`, `brotli`, `deflate`, `cookies`, `http2`
|
| 26 |
+
|
| 27 |
+
### Testing Results:
|
| 28 |
+
|
| 29 |
+
| Site | Search | Episodes | Stream Resolution |
|
| 30 |
+
|------|--------|----------|-------------------|
|
| 31 |
+
| AnimeKai (anikai.to) | ✅ Works | ✅ Works | ⚠️ CF JS Challenge |
|
| 32 |
+
| enc-dec.app API | ✅ Works | N/A | N/A |
|
| 33 |
+
|
| 34 |
+
The stream resolution endpoint (`/ajax/links/view`) is behind a Cloudflare JS challenge that requires actual JavaScript execution. This needs the `bex-js` QuickJS engine to solve the CF challenge first. The `CloudflareKiller` approach from cloudstream uses a WebView for this.
|
| 35 |
+
|
| 36 |
+
### Remaining Work: CF Challenge Solver
|
| 37 |
+
|
| 38 |
+
For sites that use Cloudflare JS challenges on their API endpoints, we need:
|
| 39 |
+
1. A CF challenge solver using `bex-js` (QuickJS) that executes the challenge JS
|
| 40 |
+
2. Cookie persistence across the session so solved challenges don't need re-solving
|
| 41 |
+
3. The cookie store fix (already implemented) handles step 2 automatically
|
| 42 |
+
|