Merge 7034e0f619d1bbae26bf78530819ad98ec4a8458 into ce5369dd413cd71a81ce38a5ccd379f6c9352e23

2025-06-08 12:35:30 +00:00 · 2025-03-05 01:42:17 +07:00 · 2025-03-05 01:42:17 +07:00 · 65dffb5807
commit 65dffb5807
parent ce5369dd41 7034e0f619
3 changed files with 50 additions and 25 deletions
--- a/src/dtos.py
+++ b/src/dtos.py
@ -41,6 +41,7 @@ class V1RequestBase(object):
    url: str = None
    postData: str = None
    returnOnlyCookies: bool = None
+    referer: str = None
    download: bool = None   # deprecated v2.0.0, not used
    returnRawHtml: bool = None  # deprecated v2.0.0, not used

--- a/src/flaresolverr_service.py
+++ b/src/flaresolverr_service.py
@ -2,8 +2,9 @@ import logging
 import platform
 import sys
 import time
+import json
+import base64
 from datetime import timedelta
-from html import escape
 from urllib.parse import unquote, quote

 from func_timeout import FunctionTimedOut, func_timeout
@ -423,33 +424,53 @@ def _evil_logic(req: V1RequestBase, driver: WebDriver, method: str) -> Challenge


 def _post_request(req: V1RequestBase, driver: WebDriver):
-    post_form = f'<form id="hackForm" action="{req.url}" method="POST">'
-    query_string = req.postData if req.postData[0] != '?' else req.postData[1:]
-    pairs = query_string.split('&')
-    for pair in pairs:
-        parts = pair.split('=')
-        # noinspection PyBroadException
-        try:
-            name = unquote(parts[0])
-        except Exception:
-            name = parts[0]
-        if name == 'submit':
-            continue
-        # noinspection PyBroadException
-        try:
-            value = unquote(parts[1])
-        except Exception:
-            value = parts[1]
-        post_form += f'<input type="text" name="{escape(quote(name))}" value="{escape(quote(value))}"><br>'
-    post_form += '</form>'
+    payload = dict()
+    try:
+        payload = json.loads(req.postData)
+    except json.JSONDecodeError:
+        query_string = req.postData if req.postData[0] != '?' else req.postData[1:]
+        pairs = query_string.split('&')
+        for pair in pairs:
+            parts = pair.split('=')
+            # noinspection PyBroadException
+            try:
+                name = unquote(parts[0])
+            except Exception:
+                name = parts[0]
+            if name == 'submit':
+                continue
+            # noinspection PyBroadException
+            try:
+                value = unquote(parts[1])
+            except Exception:
+                value = parts[1]
+            payload[name] = value
+    data = json.dumps({ "payload": payload, "referer": req.referer or '', "url": req.url }).replace('<', '\\<').replace('>', '\\>')
    html_content = f"""
        <!DOCTYPE html>
        <html>
        <body>
-            {post_form}
-            <script>document.getElementById('hackForm').submit();</script>
+            <form id="hackForm" method="POST"></form>
+            <script>
+                const data = {data};
+                try {{
+                    if (data.referer) window.history.replaceState('', null, data.referer);
+                }} catch (e) {{
+                    // this requires --disable-web-security flag
+                }}
+                const form = document.getElementById('hackForm');
+                form.action = data.url;
+                for (const key in data.payload) {{
+                    const input = document.createElement('textarea');
+                    input.name = key;
+                    input.value = data.payload[key];
+                    form.appendChild(input);
+                }}
+                form.submit();
+            </script>
        </body>
        </html>"""
-    driver.get("data:text/html;charset=utf-8,{html_content}".format(html_content=html_content))
+    b64_content = base64.b64encode(html_content.encode('utf-8')).decode('ascii')
+    driver.get("data:text/html;base64,{b64_content}".format(b64_content=b64_content))
    driver.start_session()
-    driver.start_session()  # required to bypass Cloudflare
+    driver.start_session()  # required to bypass Cloudflare
--- a/src/utils.py
+++ b/src/utils.py
@ -149,6 +149,9 @@ def get_webdriver(proxy: dict = None) -> WebDriver:
    # https://peter.sh/experiments/chromium-command-line-switches/#use-gl
    options.add_argument('--use-gl=swiftshader')

+    if (os.environ.get('DISABLE_WEB_SECURITY', None) is not None):
+        options.add_argument('--disable-web-security')
+
    language = os.environ.get('LANG', None)
    if language is not None:
        options.add_argument('--accept-lang=%s' % language)
@ -172,7 +175,7 @@ def get_webdriver(proxy: dict = None) -> WebDriver:
    if get_config_headless():
        if os.name == 'nt':
            windows_headless = True
-        else:
+        elif not os.environ.get('DISPLAY', '') and not os.environ.get('WAYLAND_DISPLAY', ''):
            start_xvfb_display()
    # For normal headless mode:
    # options.add_argument('--headless')