From 5bc42bda9f899b10bca54df4c7c1bc7e1cdba646 Mon Sep 17 00:00:00 2001 From: louispaulb Date: Mon, 1 Jun 2026 21:47:19 -0400 Subject: [PATCH] fix(cogeco-checker): disable browser cache to rule it out as 401 cause MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tested the hypothesis that a warm Chromium cache (the register GET being re-served stale) was causing the protected address/search 401. Disabled the HTTP cache (CDP Network.setCacheDisabled), the on-disk cache (--disk-cache-size=0) and service workers (serviceWorkers:'block'). Result: identical trace — register=200 (freshly minted, not cached), autocomplete=200, address/search=401. So cache was NOT the cause; the 401 is a server-side authorization decision on the protected endpoint (reCAPTCHA Enterprise assertion required). Keeping the cache-disable as hygiene + to definitively rule it out in future debugging. Co-Authored-By: Claude Opus 4.8 (1M context) --- services/cogeco-checker/lib/cogeco-session.js | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/services/cogeco-checker/lib/cogeco-session.js b/services/cogeco-checker/lib/cogeco-session.js index 1625c8f..69ae06a 100644 --- a/services/cogeco-checker/lib/cogeco-session.js +++ b/services/cogeco-checker/lib/cogeco-session.js @@ -52,7 +52,10 @@ async function getBrowser () { if (_browser && _browser.isConnected()) return _browser _browser = await chromium.launch({ headless: true, - args: ['--no-sandbox', '--disable-dev-shm-usage', '--disable-blink-features=AutomationControlled'], + args: [ + '--no-sandbox', '--disable-dev-shm-usage', '--disable-blink-features=AutomationControlled', + '--disk-cache-size=0', '--media-cache-size=0', // no on-disk HTTP cache + ], }) return _browser } @@ -122,8 +125,21 @@ async function checkAddress (address, { debug = false } = {}) { locale: 'en-CA', userAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36', viewport: { width: 1280, height: 900 }, + serviceWorkers: 'block', // a SW could intercept/cache the register + API calls }) const page = await ctx.newPage() + + // DISABLE the HTTP cache for this session. /boutique/api/register is a GET, + // so a warm Chromium cache can re-serve an already-consumed/expired token + // instead of letting the page mint a fresh one — which makes the protected + // address/search call 401 even though register "succeeded". Forcing every + // request (incl. register) onto the network keeps the token fresh. CDP is + // Chromium-only; best-effort (don't fail the check if it's unavailable). + try { + const cdp = await ctx.newCDPSession(page) + await cdp.send('Network.setCacheDisabled', { cacheDisabled: true }) + } catch { /* CDP unavailable under this driver — continue uncached-best-effort */ } + const captured = [] // Track the serviceability call specifically; keep the best (200 wins over 401). let serviceResp = null