diff --git a/pyproject.toml b/pyproject.toml index 1f6b5a0..ef02b8b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "hatchling.build" [project] name = "twitter-cli" -version = "0.3.0" +version = "0.3.1" description = "A CLI for Twitter/X — feed, bookmarks, and user timeline in terminal" readme = "README.md" license = "Apache-2.0" diff --git a/twitter_cli/client.py b/twitter_cli/client.py index cc8d7c9..1e5f102 100644 --- a/twitter_cli/client.py +++ b/twitter_cli/client.py @@ -589,12 +589,19 @@ class TwitterClient: return self._ct_init_attempted = True try: - session = _requests_lib.Session() - session.headers.update(_gen_ct_headers()) - home_page = session.get("https://x.com", timeout=10) + # Use curl_cffi for ClientTransaction init to maintain consistent + # Chrome TLS fingerprint. Using Python requests here would leak + # a different TLS fingerprint on the same IP — a detection vector. + cffi_session = _get_cffi_session() + ct_headers = _gen_ct_headers() + home_page = cffi_session.get( + "https://x.com", headers=ct_headers, timeout=10, + ) home_page_response = bs4.BeautifulSoup(home_page.content, "html.parser") ondemand_url = get_ondemand_file_url(response=home_page_response) - ondemand_file = session.get(ondemand_url, timeout=10) + ondemand_file = cffi_session.get( + ondemand_url, headers=ct_headers, timeout=10, + ) self._client_transaction = ClientTransaction( home_page_response=home_page_response, ondemand_file_response=ondemand_file.text, diff --git a/uv.lock b/uv.lock index e312255..ed5b5b4 100644 --- a/uv.lock +++ b/uv.lock @@ -1116,7 +1116,7 @@ wheels = [ [[package]] name = "twitter-cli" -version = "0.2.0" +version = "0.3.0" source = { editable = "." } dependencies = [ { name = "beautifulsoup4" },