feat: update Chrome UA to 133 and add sec-ch-ua/Sec-Fetch headers for anti-detection

2026-03-09 12:04:26 +08:00
parent df9b58ed0a
commit b2603eb753
2 changed files with 13 additions and 2 deletions
--- a/twitter_cli/client.py
+++ b/twitter_cli/client.py
@@ -12,7 +12,7 @@ import urllib.error
 import urllib.parse
 import urllib.request

-from .constants import BEARER_TOKEN, USER_AGENT
+from .constants import BEARER_TOKEN, USER_AGENT, SEC_CH_UA, SEC_CH_UA_MOBILE, SEC_CH_UA_PLATFORM
 from .models import Author, Metrics, Tweet, TweetMedia, UserProfile

 try:
@@ -610,6 +610,12 @@ class TwitterClient:
            "Referer": "https://x.com",
            "Accept": "*/*",
            "Accept-Language": "en-US,en;q=0.9",
+            "sec-ch-ua": SEC_CH_UA,
+            "sec-ch-ua-mobile": SEC_CH_UA_MOBILE,
+            "sec-ch-ua-platform": SEC_CH_UA_PLATFORM,
+            "Sec-Fetch-Dest": "empty",
+            "Sec-Fetch-Mode": "cors",
+            "Sec-Fetch-Site": "same-origin",
        }
        if method == "POST":
            headers["Content-Type"] = "application/json"
--- a/twitter_cli/constants.py
+++ b/twitter_cli/constants.py
@@ -8,5 +8,10 @@ BEARER_TOKEN = (
 USER_AGENT = (
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) "
    "AppleWebKit/537.36 (KHTML, like Gecko) "
-    "Chrome/131.0.0.0 Safari/537.36"
+    "Chrome/133.0.0.0 Safari/537.36"
 )
+
+# Chrome Client Hints — sent by modern Chrome on every request
+SEC_CH_UA = '"Chromium";v="133", "Not(A:Brand";v="99", "Google Chrome";v="133"'
+SEC_CH_UA_MOBILE = "?0"
+SEC_CH_UA_PLATFORM = '"macOS"'