Skip User-Agent spoofing on Google auth domains to fix login rejection

Google's login detects UA mismatches and blocks sign-in as "insecure." Skip UA/Accept-Language header modification and JS navigator.userAgent override on accounts.google.com and accounts.youtube.com. All other fingerprint vectors (canvas, WebGL, screen, etc.) remain active.
2026-03-01 16:13:18 -06:00
parent 159cbdf5ed
commit 930814015b
2 changed files with 40 additions and 5 deletions
--- a/background.js
+++ b/background.js
@@ -444,12 +444,21 @@ function formatAcceptLanguage(languages) {
  }).join(",");
 }

+// Auth domains where UA spoofing breaks login flows
+const AUTH_BYPASS_DOMAINS = ["accounts.google.com", "accounts.youtube.com"];
+
 browser.webRequest.onBeforeSendHeaders.addListener(
  function(details) {
    // cookieStoreId is available in Firefox 77+ webRequest details
    const profile = containerProfiles[details.cookieStoreId];
    if (!profile) return {};

+    // Skip UA spoofing on auth domains so login isn't rejected
+    try {
+      const host = new URL(details.url).hostname;
+      if (AUTH_BYPASS_DOMAINS.includes(host)) return {};
+    } catch(e) {}
+
    const headers = details.requestHeaders;
    // Map platform to Client Hints platform name
    const platformMap = {