[loop cycle 6] fix(calls/capability): complete the Chrome high-entropy client-hints set#14
Merged
Conversation
…ints set The navigator.userAgentData shim's getHighEntropyValues() returned only a partial set (platform, platformVersion="", architecture, model, uaFullVersion). A strict Chrome capability/calling-eligibility check reads bitness, fullVersionList and wow64, and an empty platformVersion plus those missing keys can read as "not a real Chrome UA-CH implementation". Return the full, internally-consistent set matching the spoofed Chrome 131 UA: architecture "x86", bitness "64", brands (major) + fullVersionList (full versions), mobile false, model "", platform "Linux", platformVersion "6.0.0", uaFullVersion "131.0.0.0", wow64 false. The hints argument is intentionally ignored (the shim is the whole implementation); returning unrequested keys is harmless. Top-level brands/mobile/platform are unchanged. Verified in a real WebKitGTK engine (origin spoofed to web.whatsapp.com): getHighEntropyValues resolves with bitness "64", wow64 false, fullVersionList length 3 (Chrome "131.0.0.0"), platformVersion "6.0.0"; the top-level shim still reports 3 brands, mobile false, platform "Linux". Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_016o9cWBaPy4zU4BAurUVoTp
karem505
added a commit
that referenced
this pull request
Jun 28, 2026
Bundles six loop-shipped fixes: - perf(dnd): stream dropped files as base64 to cut peak memory on large videos (#9) - fix(notifications): forward service-worker showNotification to the native toast (#10) - feat(calls): expose a minimal window.chrome so WhatsApp enables call buttons (#11) - fix(notifications): de-duplicate burst-repeated native toasts (#12) - fix(dnd): route AVIF/HEIF photos as photos; broaden MIME labels (#13) - fix(calls/capability): return a complete Chrome high-entropy client-hints set (#14) Plus integration: SW notifications share the dedup window; base64_encode is test-only now. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_016o9cWBaPy4zU4BAurUVoTp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Hardens the Chrome capability/calling detection. The
navigator.userAgentDatashim'sgetHighEntropyValues()returned only a partial set and leftplatformVersionempty. A strict check (the kind WhatsApp uses to decide capability and calling eligibility) readsbitness,fullVersionList, andwow64— their absence, plus an emptyplatformVersion, can read as "not a real Chrome UA-CH implementation."This complements cycle 3 (
window.chrome): together they present a consistent Chrome identity.How
Return the full, internally-consistent set matching the spoofed Chrome 131 UA:
x86(Chrome reports x86 for x86_64)64131)131.0.0.0)false/""Linux/6.0.0131.0.0.0/falseThe
hintsargument is intentionally ignored (the shim is the implementation); returning unrequested keys is harmless. Top-levelbrands/mobile/platformare unchanged.Verification
Gate 1 —
cargo build --locked+cargo test: PASS (51 tests).Gate 2 — real WebKitGTK engine harness (origin spoofed): PASS —
getHighEntropyValues([...])resolves withbitness:"64",wow64:false,fullVersionListlength 3 (Chrome131.0.0.0),platformVersion:"6.0.0",uaFullVersion:"131.0.0.0"; top-level shim still reports 3 brands, mobile false, platform Linux.Gate 3 — generation-blind code review: APPROVE, severity none, no must-fix. Confirmed
architecture:"x86"per WICG spec, the major-vs-full version split matches real Chrome, the new fields are correct for Linux x86_64, valid object literal (no duplicate keys, no NUL), and no regression (additions only make the identity more Chrome-like).🤖 PR-ONLY — do not auto-merge. Releasing whatRust is manual via a
v*tag; this loop never merges, bumps the version, or tags a release. Opened by thewhatrust-fix-loop(cycle 6/6 — final).