Skip to content

Patchright (not Playwright) for PP login — clears Cloudflare#9

Merged
ak2k merged 1 commit into
mainfrom
worktree-pp-patchright-stealth
May 15, 2026
Merged

Patchright (not Playwright) for PP login — clears Cloudflare#9
ak2k merged 1 commit into
mainfrom
worktree-pp-patchright-stealth

Conversation

@ak2k

@ak2k ak2k commented May 15, 2026

Copy link
Copy Markdown
Owner

Summary

flight auth pp login's headed-browser path stopped working: pointspath.com sits behind Cloudflare, and stock Playwright trips three detection signals it can't hide (navigator.webdriver, CDP Runtime.enable leak, JA3 TLS fingerprint).

Swap to Patchright — a drop-in Playwright fork that patches the CDP leak and navigator.webdriver at the source level. Launch with channel="chrome" to use the real Chrome binary (whose TLS fingerprint matches real traffic) plus launch_persistent_context(user_data_dir=…) so cf_clearance cookies persist between runs.

Verified the choice via pplx + WebSearch — Patchright is the actively-maintained 2026 consensus pick for Cloudflare-resistant Playwright work, and confirmed Patchright Python exists on PyPI tracking upstream 1.59.x.

Changes

  • src/flight_cli/pp/auth.py: login_via_browser switched from playwright.sync_apipatchright.sync_api. Uses launch_persistent_context with a profile under ~/.cache/flight-cli/browser-profile/, channel="chrome", headless=False.
  • pyproject.toml: browser-login extra renamed playwright>=1.40patchright>=1.59; same for dev deps.
  • README.md + pp_login help text: install instructions point at uv run --with patchright + one-time uvx --from patchright patchright install chrome.

Test plan

  • make check green: 115 passing.
  • Manual: uvx --from patchright patchright install chrome (one-time).
  • Manual: uv run --with patchright flight auth pp login — verify Cloudflare's human-check resolves (one click), PP login completes, flight auth pp whoami confirms.
  • Re-run flight auth pp login after the first success — cf_clearance should already be in the persisted profile, so the human-check shouldn't reappear.

Sources

Stock Playwright fails Cloudflare's bot fingerprint check on pointspath.com
because of three signals it can't hide:
  - navigator.webdriver=true (W3C-mandated for Playwright)
  - CDP Runtime.enable leak (anti-bot scripts watch for this specifically)
  - Playwright's bundled Chromium JA3/JA4 TLS fingerprint doesn't match
    any real Chrome release

Patchright is a drop-in Playwright fork that patches the first two at the
source level. Using channel="chrome" makes us launch the real Chrome
binary, fixing the third.

The login now uses launch_persistent_context with a profile dir at
~/.cache/flight-cli/browser-profile/ so cf_clearance cookies persist
across runs — the user only has to clear the human-check once.

Optional install extra renamed: browser-login now requires patchright>=1.59
instead of playwright>=1.40. README + login command help text updated to
point at `uv run --with patchright` and `patchright install chrome`.
@ak2k ak2k merged commit 91d33b3 into main May 15, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant