fix: remove browser UA spoofing for ChatGPT API requests#124
Conversation
Replace Chrome browser User-Agent with honest `codex-auth/<version>` identifier for all requests to chatgpt.com backend-api endpoints (usage, account check). The previous Chrome UA string was unnecessary — the API works fine with a transparent client identifier, matching how the official Codex CLI identifies itself as `codex_cli_rs/<version>`.
Greptile SummaryThis PR replaces the hardcoded Chrome browser User-Agent string with a transparent
Confidence Score: 5/5Safe to merge — a straightforward UA string replacement with all references consistently updated. The change is a mechanical find-and-replace: one constant redefined in http_types.zig and every call site in http.zig and http_node.zig updated in the same commit. The new value uses a compile-time ++ concatenation of two string literals, which is valid Zig. No logic, auth flow, or data handling is altered. No files require special attention. Important Files Changed
Sequence DiagramsequenceDiagram
participant C as codex-auth client
participant N as Node.js helper
participant API as chatgpt.com/backend-api
C->>N: "spawn with UA = "codex-auth/0.3.0-alpha.9""
Note over N: runNodeBearerGetJsonCommand<br/>runNodeGetJsonCommand<br/>runNodeGetJsonBatchCommand
N->>API: GET /usage (User-Agent: codex-auth/0.3.0-alpha.9)
API-->>N: 200 OK + JSON
N-->>C: parsed response
Reviews (3): Last reviewed commit: "fix: update remaining browser_user_agent..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
@loongphy/codex-auth-darwin-arm64
@loongphy/codex-auth-darwin-x64
@loongphy/codex-auth-linux-arm64
@loongphy/codex-auth-linux-x64
@loongphy/codex-auth-win32-arm64
@loongphy/codex-auth-win32-x64
@loongphy/codex-auth
commit: |
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
| pub const child_process_timeout_ms: []const u8 = "7000"; | ||
| pub const child_process_timeout_ms_value: u64 = 7000; | ||
| pub const browser_user_agent: []const u8 = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"; | ||
| pub const user_agent: []const u8 = "codex-auth/" ++ version.app_version; |
There was a problem hiding this comment.
browser_user_agent was renamed to user_agent here, but src/api/http.zig (line 14) and src/api/http_node.zig (line 16) still import types.browser_user_agent. Because that symbol no longer exists in http_types.zig, both files will fail to compile. The rename must be propagated to every reference, including the aliased re-exports in http.zig and the local binding + all three use-sites in http_node.zig (lines 16, 269, 337, 414).
Prompt To Fix With AI
This is a comment left during a code review.
Path: src/api/http_types.zig
Line: 9
Comment:
**Build-breaking rename — two call sites not updated**
`browser_user_agent` was renamed to `user_agent` here, but `src/api/http.zig` (line 14) and `src/api/http_node.zig` (line 16) still import `types.browser_user_agent`. Because that symbol no longer exists in `http_types.zig`, both files will fail to compile. The rename must be propagated to every reference, including the aliased re-exports in `http.zig` and the local binding + all three use-sites in `http_node.zig` (lines 16, 269, 337, 414).
How can I resolve this? If you propose a fix, please make it concise.
The remote rename of browser_user_agent → user_agent in http_types.zig left stale references in http.zig and http_node.zig.
1 participant
Summary
Replace the Chrome browser User-Agent string with an honest
codex-auth/<version>identifier for all requests tochatgpt.com/backend-apiendpoints (usage, account check).Motivation
The previous UA was a hardcoded Chrome browser string:
This was unnecessary — the API works fine with a transparent client identifier. The official Codex CLI similarly identifies itself as
codex_cli_rs/<version>.Testing
Verified with a Business (team) account that the usage API returns HTTP 200 with
codex-auth/0.3.0-alpha.9UA.