Access to iframe content

[omiplaygame]

Lost access to iframe content, is there any way to fix this?
What I tried:

await page.setBypassCSP(false); --disable-gpu-sandbox

[nwebson]

What do you mean by lost? Was it working before the patches? Do you use the latest patches version?
Please share your code.

[omiplaygame]

After the patch

Example code:

`process.env.REBROWSER_PATCHES_RUNTIME_FIX_MODE = "alwaysIsolated"
process.env.REBROWSER_PATCHES_UTILITY_WORLD_NAME = "customUtilityWorld"

import puppeteer from 'rebrowser-puppeteer-core';

(async () =>
{
try {
const browser = await puppeteer.launch();
const page = await browser.newPage();
await page.goto('https://accounts.hcaptcha.com/demo');

// Maybe we need to wait a little longer
await new Promise(resolve => setTimeout(resolve, 2000));

const iframeSrc = 'https://newassets.hcaptcha.com/captcha/v1/';
const iframe = page.frames().find(frame => frame.url().includes(iframeSrc));

// we can't access the context of the frame
const challenge = await iframe.$('.challenge');

await browser.close();
}
catch(e)
{
console.error(e);
}

})();`

We don't have access to the frame context, if we set 'enableDisable' instead of 'alwaysIsolated' we can access the frame but cpd will be detected

One solution I found is to use postMessage and process everything in evaluateOnNewDocument

[nwebson]

You should use REBROWSER_PATCHES_RUNTIME_FIX_MODE=addBinding or just delete this variable at all as it's the default value anyway. This approach has access to iframes.

[omiplaygame]

Yes, i know it will work, but some websites detect it. It only works if you use process.env.REBROWSER_PATCHES_RUNTIME_FIX_MODE = "alwaysIsolated"

[nwebson]

Do you have any examples when it's being detected?

[omiplaygame]

Repeating this will be difficult as we need to recognize the captcha. Here we will be dealing with an iframe and will encounter the following:

1. When authorizing in a real browser, the captcha is not shown, but only after several attempts. Rather, the problem is emulating the "await username?.type" type input.
2. Even if your username and password are correct, the response will always say that the username or password is incorrect. In a real browser, everything is fine
3. The site uses hidden hcaptcha and some kind of bot check.

The most important problem is the second point. Even if we solved the captcha, the password will always be wrong and this is a signal that the site has identified you as a bot. When we use alwaysIsolated and the example from https://rebrowser.net/blog/how-to-access-main-context-objects-from-isolated-context-in-puppeteer-and-playwright, everything is fine, the CSP is not detected. You can use this approach for the frame as well.

Your solution works well if we, for example, submit a form via postMessage, submit a button selector, and in evaluateOnNewDocument click, while manually entering the username at the same time

Example:

process.env.REBROWSER_PATCHES_RUNTIME_FIX_MODE = "addBinding"
process.env.REBROWSER_PATCHES_UTILITY_WORLD_NAME = "customUtilityWorld"

import puppeteer from 'rebrowser-puppeteer-core';

(async () =>
{
	function random(min: number, max: number): number
	{
		return Math.round(Math.random() * (max - min) + min);
	}

	async function sleep(timeout: number): Promise<void>
	{
		return new Promise(resolve => setTimeout(resolve, timeout));
	}

	try
	{
		const browser = await puppeteer.launch({
			executablePath: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
			headless: false
		});
		const page = await browser.newPage();

		await page.setExtraHTTPHeaders({
			"Referer": "https://www.riotgames.com/"
		});

		await page.goto("https://xsso.riotgames.com/login",
			{ timeout: 45000, waitUntil: ["domcontentloaded", "networkidle2"] });

		// Maybe we need to wait a little longer
		await sleep(2000);

		const login = "your_login";
		const pass = "your_pass";

		const form = await page.waitForSelector("form");
		const username = await form.$("input[name='username']");
		const password = await form.$("input[name='password']");
		const btnSignInName = "button[data-testid='btn-signin-submit']";

		await username.click({ delay: random(50, 90) });
		await username?.type(login, { delay: random(40, 120) });

		await page.keyboard.press('Tab', { delay: random(50, 90) });

		await password.click({ delay: random(50, 90) });
		await password?.type(pass, { delay: random(50, 90) });

		await sleep(2000);

		await page.waitForFunction((btnSignInName) =>
		{
			const button = document.querySelector(btnSignInName) as HTMLButtonElement;
			return !button?.disabled;
		},
			{ timeout: 10000 }, btnSignInName);

		console.log("Button is enabled");

		btnSignInName && await page.click(btnSignInName);

		await sleep(20000);

		await browser.close();
	}
	catch (e)
	{
		console.error(e);
	}

})()