From 930814015b43d0bcda398bfad8242e6c486fa29e Mon Sep 17 00:00:00 2001
From: sal <sal@salmutt.dev>
Date: Sun, 1 Mar 2026 16:13:18 -0600
Subject: [PATCH] Skip User-Agent spoofing on Google auth domains to fix login
 rejection

Google's login detects UA mismatches and blocks sign-in as "insecure."
Skip UA/Accept-Language header modification and JS navigator.userAgent
override on accounts.google.com and accounts.youtube.com. All other
fingerprint vectors (canvas, WebGL, screen, etc.) remain active.
---
 background.js |  9 +++++++++
 inject.js     | 36 +++++++++++++++++++++++++++++++-----
 2 files changed, 40 insertions(+), 5 deletions(-)

diff --git a/background.js b/background.js
index 180bc10..f18b907 100644
--- a/background.js
+++ b/background.js
@@ -444,12 +444,21 @@ function formatAcceptLanguage(languages) {
   }).join(",");
 }
 
+// Auth domains where UA spoofing breaks login flows
+const AUTH_BYPASS_DOMAINS = ["accounts.google.com", "accounts.youtube.com"];
+
 browser.webRequest.onBeforeSendHeaders.addListener(
   function(details) {
     // cookieStoreId is available in Firefox 77+ webRequest details
     const profile = containerProfiles[details.cookieStoreId];
     if (!profile) return {};
 
+    // Skip UA spoofing on auth domains so login isn't rejected
+    try {
+      const host = new URL(details.url).hostname;
+      if (AUTH_BYPASS_DOMAINS.includes(host)) return {};
+    } catch(e) {}
+
     const headers = details.requestHeaders;
     // Map platform to Client Hints platform name
     const platformMap = {
diff --git a/inject.js b/inject.js
index 13e122c..e0feab5 100644
--- a/inject.js
+++ b/inject.js
@@ -170,6 +170,16 @@
   // =========================================================================
 
   if (vectorEnabled("navigator")) {
+    // Auth domains where UA spoofing breaks login — return real values there
+    const AUTH_BYPASS_DOMAINS = ["accounts.google.com", "accounts.youtube.com"];
+    const UA_PROPS = new Set(["userAgent", "appVersion", "oscpu"]);
+
+    // Capture real values before any overrides
+    const realNav = {};
+    for (const p of UA_PROPS) {
+      try { realNav[p] = window.navigator[p]; } catch(e) {}
+    }
+
     const navOverrides = {
       hardwareConcurrency: CONFIG.nav.hardwareConcurrency,
       platform: CONFIG.nav.platform,
@@ -182,11 +192,27 @@
 
     for (const [prop, value] of Object.entries(navOverrides)) {
       if (value !== undefined) {
-        Object.defineProperty(pageWindow.Navigator.prototype, prop, {
-          get: exportFunction(function() { return value; }, pageWindow),
-          configurable: true,
-          enumerable: true
-        });
+        if (UA_PROPS.has(prop)) {
+          // UA-related props: return real value on auth domains
+          const realValue = realNav[prop];
+          Object.defineProperty(pageWindow.Navigator.prototype, prop, {
+            get: exportFunction(function() {
+              try {
+                const h = pageWindow.location.hostname;
+                if (AUTH_BYPASS_DOMAINS.indexOf(h) !== -1) return realValue;
+              } catch(e) {}
+              return value;
+            }, pageWindow),
+            configurable: true,
+            enumerable: true
+          });
+        } else {
+          Object.defineProperty(pageWindow.Navigator.prototype, prop, {
+            get: exportFunction(function() { return value; }, pageWindow),
+            configurable: true,
+            enumerable: true
+          });
+        }
       }
     }