ciphera-net/pulse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 15 Wiki Activity

revert: remove client-side bot detection from tracking script

Browse Source 
Server-side heuristic scoring already catches these patterns via
IsSuspiciousEvent. Client-side checks are trivially bypassable
(script is public) and add payload weight for all real users.
This commit is contained in:
Usman Baig
2026-03-17 10:19:29 +01:00
parent d45d39aa60
commit ebd25770b4
1 changed files with 0 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
public/script.js
View File

@@ -18,20 +18,6 @@
return; return;
} }
// * Skip likely bots: headless Chrome fingerprints and known bot viewports
var isChrome = /Chrome/.test(navigator.userAgent) && !/Edg/.test(navigator.userAgent);
if (
// * Headless Chrome has zero plugins (real Chrome always has at least 1; Firefox excluded — it legitimately reports 0)
(isChrome && navigator.plugins && navigator.plugins.length === 0) ||
// * Headless Chrome lacks the chrome runtime object
(isChrome && !window.chrome) ||
// * No outer window dimensions — headless or hidden browser
(window.outerWidth === 0 || window.outerHeight === 0) ||
// * Default headless viewport: exactly 1024x1024 (no real monitor uses this)
(window.innerWidth === 1024 && window.innerHeight === 1024)
) {
return;
}
// * Get domain from script tag // * Get domain from script tag
const script = document.currentScript || document.querySelector('script[data-domain]'); const script = document.currentScript || document.querySelector('script[data-domain]');