test(e2e): run the real detectors (BotD + FingerprintJS OSS) on CI

Browse Source

Instead of only our hand-rolled signal checks, load the actual MIT detection
libraries against the patched binary and assert it isn't flagged:
- BotD (the client-side bot detector FingerprintJS Pro itself uses): detect()
  must return bot=false (no automation/headless tell).
- FingerprintJS OSS: visitorId present and stable across two fresh launches
  with the same seed (drift = per-session entropy = a bot tell).

Hermetic: the libs are vendored (tests/vendor/, pinned, MIT) and served from a
localhost server — no external CDN (Firefox tracking-protection blocks it
anyway), no IP/network dependency, runs identically on a dev box and the GitHub
runner. Both green locally against firefox-9.

...

This commit is contained in:

feder-cr

2026-06-09 17:53:11 +02:00

parent 8ba88958be

commit df4493d553

4 changed files with 1000 additions and 0 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

tests/vendor/fingerprintjs-5.2.0.umd.min.js

Vendored

+27

File diff suppressed because one or more lines are too long