* fix: add CORS middleware to allow extension connection
* fix(cors): validate extension ID to prevent other extensions from accessing endpoints
---------
Co-authored-by: Tommy D. Rossi <beats.by.morse@gmail.com>
Fixes#22
CDP's Network.enable buffers response bodies by default, which breaks
SSE/streaming - data arrives at Chrome but ReadableStream never receives it.
Changes:
- Intercept Network.enable in relay, default maxTotalBufferSize: 0
- Agents can re-enable buffering via Network.disable + Network.enable
with explicit buffer sizes when they need response.body()
- Added test and documentation for reading response bodies
- Use 127.0.0.1 instead of localhost to avoid DNS/IPv6 resolution issues
- Add 15s global timeout wrapper around connect() to prevent hanging forever
- Reduce HTTP retry attempts from 30 to 5 (maintainLoop retries anyway)
- Fix WebSocket cleanup: close socket on timeout to prevent orphaned connections
- Improve settled state tracking in WebSocket connection promise
Standard Chrome DevTools Protocol HTTP discovery endpoints that allow
tools like Playwright to connect using just the HTTP URL.
- /json/version returns browser info and webSocketDebuggerUrl
- /json/list returns array of connected targets
- Supports GET/PUT methods and trailing slashes for compatibility
Service workers, web workers, and iframes are now filtered out at the
server level, preventing Playwright from trying to initialize these
targets which caused timeouts and errors.
Standard Chrome DevTools Protocol HTTP discovery endpoints that allow
tools like Playwright to connect using just the HTTP URL without needing
to call getCdpUrl() first.
- /json/version returns browser info and webSocketDebuggerUrl
- /json/list returns array of connected targets
- Supports GET/PUT methods and trailing slashes for compatibility
Fixes 'no low surrogate in string' API error when page content contains
malformed Unicode characters. Uses toWellFormed() on Node.js 20+ with
graceful fallback on older versions.