Skip to content

feat: integrate FingerprintJS Pro visitor header for bot detection#2378

Merged
thostetler merged 1 commit into
adsabs:masterfrom
thostetler:feat/fingerprintjs-pro
May 11, 2026
Merged

feat: integrate FingerprintJS Pro visitor header for bot detection#2378
thostetler merged 1 commit into
adsabs:masterfrom
thostetler:feat/fingerprintjs-pro

Conversation

@thostetler
Copy link
Copy Markdown
Member

@thostetler thostetler commented May 11, 2026
edited
Loading

  • Added fingerprint_core.js utility (mirrors recaptcha_core.js pattern): lazy-loads the FingerprintJS Pro CDN script, initializes the SDK, and caches the visitorId
  • Wired into discovery_bootstrap.configure() where DynamicConfig is available and api.modifyRequestOptions is set; header injection lives inside the existing override closure with a first-party URL guard
  • Added fingerprintApiKey config var to discovery.vars.js.default (empty = disabled, no script loaded)
  • All failure paths (script load, SDK init, fp.get()) resolve to null and are swallowed — this cannot break requests or halt bootstrap under any circumstances

@thostetler thostetler marked this pull request as ready for review May 11, 2026 15:02
Copilot AI review requested due to automatic review settings May 11, 2026 15:02
Copilot AI reviewed May 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a best-effort FingerprintJS Pro integration to Discovery so the client can attach a per-visitor identifier header to first-party ADS API requests (to support downstream bot-detection/traffic analysis) without impacting bootstrap or request execution if anything fails.

Changes:

  • Added a new fingerprint_core utility that lazy-loads the FingerprintJS Pro CDN script, initializes the SDK, and caches visitorId.
  • Wired the utility into discovery_bootstrap.configure() to (a) start loading the SDK when fingerprintApiKey is configured and (b) inject X-Fp-Visitor-Id on first-party API requests.
  • Added fingerprintApiKey to the default Discovery vars and added Mocha tests for the new utility.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
src/js/utils/fingerprint_core.js New utility to inject FingerprintJS Pro script and cache visitorId.
src/js/mixins/discovery_bootstrap.js Loads FingerprintJS Pro at bootstrap and adds visitor header to first-party API requests.
src/config/discovery.vars.js.default Adds fingerprintApiKey config knob (empty disables).
test/mocha/js/utils/fingerprint_core.spec.js Adds unit tests covering load success/failure paths and caching behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/js/utils/fingerprint_core.js
Comment thread test/mocha/js/utils/fingerprint_core.spec.js Outdated
@thostetler
feat: integrate FingerprintJS Pro visitor header for bot detection
eb42c64 
Loads FingerprintJS Pro at app startup and attaches the resolved
visitorId as X-Fp-Visitor-Id on all first-party ADS API requests.
Enforcement is left to the backend. The integration is fully
best-effort — any failure at any point resolves silently to a
no-op with no impact on request flow or app bootstrap.
@thostetler thostetler force-pushed the feat/fingerprintjs-pro branch from 55a0ba5 to eb42c64 Compare May 11, 2026 19:46
@thostetler thostetler merged commit a22a5fa into adsabs:master May 11, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thostetler