search

juftin / camply

camply, the campsite finder ⛺️ - a tool to find campsites at sold out campgrounds through sites like recreation.gov
https://juftin.com/camply/
MIT License
464 stars 89 forks source link

🐛 add accept-language header to goingtocamp requests #340

Closed regaw-leinad closed 3 months ago

regaw-leinad commented 3 months ago

Description

This PR addresses the issue reported in #328, where API requests from camply to the GoingToCamp WA site were being blocked by DataDome, resulting in a 403 captcha error.

Upon examining the network requests on the GoingToCamp WA site, I observed that their API calls included a large set of HTTP headers, including those related to DataDome's bot protection. To isolate the essential headers required to prevent the API request from being rejected, I just copied the request and removed headers one by one. I identified that retaining only the User-Agent and Accept-Language headers circumvented the issue.

Further investigation into the DataDome Request Validation API revealed that the Accept-Language header is among the top headers validated by DataDome. Including this header makes our API requests appear more legitimate (which it is), aligning closely with typical user requests, thus avoiding immediate rejection.

It's important to clarify that this modification does not represent a bypass of the captcha mechanism but rather an enhancement to the request headers to align with validation checks. This approach is currently effective, but it is susceptible to changes should GoingToCamp WA update their bot protection strategies.

I'm aware of your comment about captchas https://github.com/juftin/camply/issues/287#issuecomment-1673532963, so please close this if this is not something you're into. Not intending to break captcha with this, just replicating the network request on their website more accurately with a single header addition.

Has This Been Tested?

Before

Screenshot 2024-04-26 at 2 13 24 PM

After

Screenshot 2024-04-26 at 2 13 48 PM

Checklist:

juftin commented 3 months ago

Whoa, I'm blown away by the detail included here. Thank you very much @regaw-leinad. I'd be happy to have this contribution!!

juftin commented 3 months ago

Tested working.

Closes #328

juftin commented 3 months ago

:tada: This PR is included in version 0.32.4 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket:

juftin commented 3 months ago

Can't believe this was this easy - what a find. This is released on PyPI on 0.32.4