Broken website in Cromite

[eskimododo]

Preliminary checklist

• [X] I have read the README.
• [X] I have searched the existing issues for my problem. This is a new ticket, NOT a duplicate or related to another open issue.
• [X] I have read the FAQs.
• [X] I have updated Cromite to the latest version. The bug is reproducible on this latest version.
• [X] This is a bug report about the Cromite browser; not the website nor F-Droid nor anything else.

Can the bug be reproduced with corresponding Chromium version?

Yes

Cromite version

117, 118

Device architecture

arm64

Platform version

Android 13

Android Device model

Oppo Find N, Samsung Tab S6 Lite

Is the device rooted?

No

Changed flags

No flags changed

Is this bug happening in an incognito tab?

No

Is this bug caused by the adblocker?

No

Is this bug a crash?

1. No

Describe the bug

When visiting the website "www.shopee.sg" in desktop site mode the website keeps returning traffic error which is not the expected behavior. On non desktop site mode, tapping on a product will automatically give the traffic error page.

I have tried this website on the latest Google chrome for Android and the website works exactly as expected with no traffic errors. Have tried to disable AdBlock, allow all cookies, disable all privacy related settings, but the error still persist.

Steps to reproduce the bug

1. Enable desktop site
2. Go to "www.shopee.sg"
3. Wait for page to load, page will immediately redirect to an error page after loading halfway.

On non desktop site mode

1. Go to "www.shopee.sg"
2. Click on any product
3. Gets redirected to a traffic error page

Expected behavior

Expected behavior is for the page to load normally and being able to go in and view products on the website.

Screenshots

No response

[uazo]

interesting, that site does not like cromite, it is detected as a Crawler

[uazo]

this is a good challenge. an analysis of the javascript code is practically impossible as they use obfuscation methods that do not allow me to easily understand which api they are exploiting. by the way, that site uses fingerprintjs (which, however, cannot identify the same cromite user between sessions). the other option is to remove the patches as I go along to see which one it is, for me it is impossible, it would take me too long.

so, sorry, be patient.

the idea is to trace v8 calls at the blink level, nothing impossible. theoretically, if done well, it could also be an input for an AI to clustering behaviour, that would be nice. and also check how visiblev8 works

a lot of work...