diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a477de..e8ccf9e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,7 +20,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), ## [0.1.7] - 2026-05-21 ### Fixed -- [#18](https://github.com/feder-cr/invisible_playwright/issues/18): Tab crash on `id.sky.com` and similar sites when running with `headless=True` on Windows. Two separate bugs that only triggered together: (1) the Chromium content sandbox at default level 6 puts content processes on `kAlternateWinstation`, but the wrapper hides the browser window on its own alt-desktop (`CreateDesktop` for headless on Windows). Mismatched desktops → cross-process navigations (Adobe AppMeasurement on id.sky.com triggers them) couldn't reparent windows → content process exits cleanly and Playwright fires `page.on('crash')`. (2) The canvas2d `getImageData` stealth spoof wrote to a read-only mapped `DataSourceSurface`. On GPU-backed canvases that memory is write-protected → segfault during the final `getImageData` id.sky.com runs at page unload. Wrapper now sets `security.sandbox.content.level=4` in the alt-desktop workaround set, and `firefox-7` ships the source fix that moves the noise to the JS array's writable backing buffer. Reporter: [@gamefireat123-eng](https://github.com/gamefireat123-eng). +- [#18](https://github.com/feder-cr/invisible_playwright/issues/18): Tab crash when running with `headless=True` on Windows on pages that trigger cross-process navigation. Two separate bugs that only manifested together: (1) the Chromium content sandbox at default level 6 puts content processes on `kAlternateWinstation`, but the wrapper hides the browser window on its own alt-desktop (`CreateDesktop` for headless on Windows). Mismatched desktops → cross-process navigations couldn't reparent windows → content process exits cleanly and Playwright fires `page.on('crash')`. (2) The canvas2d `getImageData` stealth spoof wrote to a read-only mapped `DataSourceSurface`. On GPU-backed canvases that memory is write-protected → segfault during the final `getImageData` at page unload. Wrapper now sets `security.sandbox.content.level=4` in the alt-desktop workaround set, and `firefox-7` ships the source fix that moves the noise to the JS array's writable backing buffer. ### Changed - `BINARY_VERSION` bumped from `firefox-5` to `firefox-7`. `firefox-6` was rolled back when its partial fix turned out to be wrong (the iframe-burst hypothesis was a dead end; bisection in the evening found the real two-bug cause documented above). diff --git a/README.md b/README.md index c95e4fa..205617c 100644 --- a/README.md +++ b/README.md @@ -203,24 +203,6 @@ invisible_playwright version # wrapper and binary versions invisible_playwright clear-cache # remove all cached binaries ``` -## Known issues - -### `headless=True` on Windows can cause tab crashes on sites with heavy cross-process navigation - -Reported as [#18](https://github.com/feder-cr/invisible_playwright/issues/18) (`id.sky.com` and similar). On Windows, `headless=True` runs Firefox headed on a hidden alt-desktop created via `CreateDesktop`. Some sites (id.sky.com, anything else loading Adobe AppMeasurement in a way that triggers cross-process navigation) end up firing `page.on('crash')` after about 10 seconds. The cause is a window-parenting interaction between the alt-desktop and the GPU/content processes; the workaround is one of: - -```python -# Option A — keep the visible window (no alt-desktop) -with InvisiblePlaywright(seed=42, headless=False) as browser: - ... - -# Option B — run inside Xvfb on Linux (alt-desktop bug is Windows-only) -``` - -The visible window case works on every site we've tested. Linux + Xvfb is unaffected. - ---- - ## Related projects invisible_playwright takes a different angle than the major Firefox-hardening projects but stands on their shoulders: