Remove the --false-start flag completely. In the Chrome version it has
no affect, and in the Firefox version it may cause connection errors.
This flag doesn't seem to affect TLS or HTTP signatures so is safe to
remove.
The flag seems to cause connection errors with some
http/2 servers. The server chooses http/2 based on alpn but curl
initiates a http/1.1 connection instead. This is an upstream bug in curl
that affects us as well.
* Upgrade baseline curl to 8.1.1
New curl version includes bugfixes, new options but mainly websocket
support which was long requested in curl impersonate. Upstream curl
reworked a lot of their http2 code which necessitated a lot of changes
on our side as well.
* Fix build on mac due to bad header priorities
On macos, clang gives priority to /usr/local/include
over locations specified with -isystem for some unknown reason. In turn
this causes clang to use the system's openssl, which conflicts with
curl-impersonate's boringssl headers.
To prevent that, disable curl's automatic conversion of -I flags to
-isystem.
* Upgrade zlib version
* Upgrade GitHub Mac runner to macos-12
* Upgrade nghttp2 version to 1.56.0
curl-8.1.1 uses an nghttp2 function that only exists in newer versions
of nghttp2.
Add support for impersonating Chrome 110. Chrome 110 comes with TLS
extension permutation enabled by default. We mimic this behavior in libcurl with
the new CURLOPT_SSL_PERMUTE_EXTENSIONS option, which enables the
corresponding flag in BoringSSL.
---------
Co-authored-by: Johann Saunier <saunier.johann@gmail.com>
Firefox impersonation was not updated in a long while. Add impersonation
for Firefox 109. The TLS signature is identical to previous versions,
with the usual changes to the HTTP headers.
Update NSS to the latest version as well, even though it is not
strictly necessary for the impersonation.
Python 3.11 breaks the gyp-next pip package which is used in the build
process to compile nss. It seems that gyp-next has no updated version to
fix that. Use Python 3.10 instead as a temporary fix.
Chrome 107 was recently released. The only difference in signature from
previous Chrome versions is that an HTTP2_NO_SERVER_PUSH setting is sent
in the HTTP2 SETTINGS frame.
Add more documentation on the following topics:
* Running `curl-impersonate` from the command line, including changing
the HTTP headers when needed.
* Using `libcurl-impersonate` in JS and PHP scripts.
When impersonating with libcurl, the built-in user agent used for
impersonation was overriding and useragent the user had set via
CURLOPT_USERAGENT. The fix takes care to specifically handle user agent
set with CURLOPT_USERAGENT and use it instead of the built-in one when
it is supplied.
Minimize the size of the resulting Docker image size by using
multi-stage build and copying the resulting binaries into a minimal
Debian system. This was done with the Alpine Docker images up until now
but not with the Debian images.
Let the user disable the built-in list of HTTP headers when using
libcurl-impersonate, either directly or when replacing it at runtime
with LD_PRELOAD. This is intended to give the user more precise control
over the content and order of the HTTP headers.
To support this, the curl_easy_impersonate() now has an added argument
that can be set to 0, in which case the built-in list of HTTP headers
used by libcurl-impersonate will not be automatically sent. Instead,
the user is expected to supply all the headers by themselves using the
standard CURLOPT_HTTPHEADER libcurl option.
When using LD_PRELOAD to inject libcurl-impersonate, one can disable
the built-in headers by setting the CURL_IMPERSONATE_HEADERS
environment variable to "no".
Cherry pick commit b9b6148c45a00d675d5bb261bf4cbb45468ad807 from
upstream curl to fix a bug in curl 7.84.0 which causes failures with the
'TE: Trailers' header.
