Since I literally have to watch the paint dry, here's a bot for Project Zero issues too:

@p0bot

@buherator do you plan to share the source somewhere?

@swapgs I can if you are interested, but it's really not anything fancy.

@swapgs There is one thing though that I don't understand, so I'll probably upload to GH shortly...

@buherator sounds fun :D

@swapgs My problem is that Monorail appends a prefix (6 ASCII chars IIRC) to the JSON response that kills httpx unless I hack around it manually:

https://github.com/v-p-b/p0-bot-akkoma/blob/aa9dacb01711a5b00a607a64217aa8d29055e6d9/p0bot.py#L45

You can also see it when you check the raw response in browser devtools.

Any ideas?

@buherator Ooo that silly XSSI prefix! Their frontend just skips it, I don't see a better way for httpx:

async call(e, s, i, r)
{
    // [...]
    const a = `${!0 === this.insecure ? "http:" : "https:"}//${this.host}/prpc/${e}/${s}`,
        l = this._requestOptions(i, r),
        c = await this.fetchImpl(a, l);
    // [...]
    const u = ")]}'",
        h = await c.text();
    if (d !== t.OK)
        throw new n(d, h);
    if (!h.startsWith(u))
        throw new o(c.status, "Response body does not start with XSSI prefix: )]}'");
    return JSON.parse(h.substr(u.length))
}

@swapgs TIL, thanks!

@buherator Same in other internal code like https://chromium.googlesource.com/infra/infra/+/0a1e0b989cc9133aa62f8448382b0e9d022d41a6/appengine/monorail/sitewide/usercommits.py#102 so I don't think there's a header you can set to avoid it.