Page 3 of 3

Re: Google Sign-in deprecation schedule

PostPosted: Wed Jul 07, 2021 8:44 am
by Czarek
ndesktop wrote:As of 4430:
- paying/G suite login just works
- free accounts (gmail.com, accounts.google.com, youtube.com etc.) do not work.
In order to make it work a patched CEF using another accepted user agent is now required.

So from what I understand seting CefSettings.user_agent is not enough, because that changes only HTTP header. You also need to change user agent in JavaScript possibly by injecting custom js code. And that resolves the issue?

Re: Google Sign-in deprecation schedule

PostPosted: Thu Jul 08, 2021 1:00 am
by ndesktop
Czarek wrote:
ndesktop wrote:As of 4430:
- paying/G suite login just works
- free accounts (gmail.com, accounts.google.com, youtube.com etc.) do not work.
In order to make it work a patched CEF using another accepted user agent is now required.

So from what I understand seting CefSettings.user_agent is not enough, because that changes only HTTP header. You also need to change user agent in JavaScript possibly by injecting custom js code. And that resolves the issue?

As I mentioned, I solved this by patching CEF.
I am not using custom JS code (I suppose what I did is similar to what you mean by "injecting custom JS code", only I needed on C++ level because I am integrating in a C++ solution).

In short, what I have done is:
- add a new method to CefRequestHandler
Code: Select all
  ///
  // Gives the opportunity to override user agent before the request becomes
  // readonly.
  ///
  virtual bool GetOverrideUserAgent(CefRefPtr<CefBrowser> browser,
                                    CefRefPtr<CefDictionaryValue> request_info,
                                    CefString& overrideUserAgent) {
    return false;
  }

If a client implements this method, it should set overrideUserAgent and return true, otherwise return false for the default behavior.
|request_info| is currently a dictionary of strings, with various keys (currently only "url" is defined) for passing data from the request handler wrapper (InterceptedRequestHandlerWrapper - see below) to the client.
- This will be overriden in cefclient's ClientHandler by combining passed |request_info| and decide using application custom logic if a certain UA should be used, for example if |requst_info| has an "url" key and the host of this url is gmail.com, then set overrideUserAgent to "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0" and return true.
- the implementation is called from InterceptedRequestHandlerWrapper::OnBeforeRequest; after
Code: Select all
    request->headers.SetHeaderIfMissing(net::HttpRequestHeaders::kUserAgent,
                                                            init_state_->user_agent_);

is called, then the last chance if offered to the client by calling CefRequestHandler::GetOverrideUserAgent.
If this returns true and the returned UA is not empty, then another call to is issued with the value returned from client (excerpt from 90 patched):
Code: Select all
...
    // Add standard headers, if currently unspecified.
    request->headers.SetHeaderIfMissing(
        net::HttpRequestHeaders::kAcceptLanguage,
        init_state_->accept_language_);

    request->headers.SetHeaderIfMissing(net::HttpRequestHeaders::kUserAgent,
                                        init_state_->user_agent_);
+   // if browser says otherwise, override with it
+   std::string browser_user_agent =
+     GetUserAgentFromBrowser(init_state_->browser_, request->url);
+   if(!browser_user_agent.empty()) {
+     request->headers.SetHeader(net::HttpRequestHeaders::kUserAgent,
+                                browser_user_agent);
+   }
+
    const bool is_external = IsExternalRequest(request);
...

GetUserAgentFromBrowser is a helper function that calls GetOverrideUserAgent (it just creates a CefDictionaryValue, set "url" key to url.spec() and does the call).

Until now, it seems working.

Re: Google Sign-in deprecation schedule

PostPosted: Thu Jul 08, 2021 4:01 am
by finder2
I even can't post a comment on YT from CEF.
YT ghosts all of them if I post it from CEF.
Guys, can you try posting on YT?

Google is killing CEF step by step.

Re: Google Sign-in deprecation schedule

PostPosted: Thu Jul 08, 2021 7:04 am
by ndesktop
finder2 wrote:I even can't post a comment on YT from CEF.
YT ghosts all of them if I post it from CEF.
Guys, can you try posting on YT?

Google is killing CEF step by step.

Patch cef, and handle the gmail.com, accounts.google.com etc. domains to use another UA. Sorry, that is the situation.

Re: Google Sign-in deprecation schedule

PostPosted: Thu Jul 08, 2021 7:10 am
by finder2
ndesktop wrote:Patch cef, and handle the gmail.com, accounts.google.com etc. domains to use another UA. Sorry, that is the situation.


I used FireFox UA to login and could send commentsm but YT deletes all of them automatically.
Have you tried YT posting? Are the comments visible for guests after posting?

Re: Google Sign-in deprecation schedule

PostPosted: Fri Jul 09, 2021 6:28 am
by ndesktop
finder2 wrote:
ndesktop wrote:Patch cef, and handle the gmail.com, accounts.google.com etc. domains to use another UA. Sorry, that is the situation.


I used FireFox UA to login and could send commentsm but YT deletes all of them automatically.
Have you tried YT posting? Are the comments visible for guests after posting?

That is different than the login not working, but point taken. YT might have employed their own methods to detect CEF and instead of rejecting CEF, simply might make them invisible.
And yes, it seems logging in from a CEF-based app into youtube - even with a G-Suite paying account - does not show the comments.

Re: Google Sign-in deprecation schedule

PostPosted: Fri Feb 04, 2022 10:37 am
by rado
Thank you for the "GetOverrideUserAgent" patch, I'll try it, but could patch be implemented into main CEF branch? It would not be practical to patch and rebuild CEF each time new version comes.

From security point of view I don't get how this google idea would increase security. If user installs "malware" browser, even if it cannot open google auth page directly, only redirect user to system browser, it has control over system so it can intercept password by keylogger or even "patch" system browser to get the password, etc.

Re: Google Sign-in deprecation schedule

PostPosted: Fri Feb 04, 2022 2:56 pm
by amaitland
You can change the user agent at runtime using the DevTools protocol.

https://bitbucket.org/chromiumembedded/ ... ation-over
https://chromedevtools.github.io/devtoo ... ntOverride

No need to patch CEF