fix: update headers to bypass Cloudflare 403 Forbidden blocks#97
Open
DimaD16 wants to merge 4 commits intoJeanExtreme002:mainfrom
Open
fix: update headers to bypass Cloudflare 403 Forbidden blocks#97DimaD16 wants to merge 4 commits intoJeanExtreme002:mainfrom
DimaD16 wants to merge 4 commits intoJeanExtreme002:mainfrom
Conversation
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR addresses the persistent
403 Forbiddenerrors encountered when using various functions of the library (such assearch(),getFlights(), orgetFlightDetails()). These errors are caused by FlightRadar24's Cloudflare protection blocking the default browser-based headers.Root Cause
Cloudflare's security measures currently flag and block the outdated Chrome/Windows 7
User-Agentstring used by default incore.jsandcore.py. This results in the client receiving a "Just a moment..." challenge page or a direct 403 response instead of the requested JSON/data.Solution
The fix involves updating the global headers in
core.jsandcore.pyto mimic the official FlightRadar24 mobile application (iOS). Mobile app traffic is generally subject to different filtering rules and is currently not blocked by the Cloudflare challenges affecting browser-like requests from scripts.Key Changes:
Flightradar24/10.0.0 (com.flightradar24.iphone; build:10.0.0.1; iOS 17.4.1) Alamofire/5.9.1.origin,referer,sec-fetch-*) that are not used by the mobile API and can serve as bot fingerprints.Coreclass, they automatically apply to all API requests made by the library.