I’m struggling with Vercel’s security system during my automation tests. When I use Playwright in headless mode, it gets stuck at a bot check before the website loads. This seems to be part of Vercel’s attack prevention measures.
I’ve tried a few things:
- Looking into Vercel cookies, but they only last an hour. Not great for automation.
- Researching ways to bypass the security checkpoint.
Has anyone found a good way to handle this? I’m testing a site that uses Vercel and I can’t get past this hurdle. Maybe there’s a better approach I’m not seeing?
Here’s a simple example of what I’m trying:
const { chromium } = require('playwright');
async function runTest() {
const browser = await chromium.launch({ headless: true });
const page = await browser.newPage();
try {
await page.goto('https://example-vercel-site.com');
// This is where it gets stuck
await page.waitForSelector('body', { timeout: 30000 });
} catch (error) {
console.error('Failed to load page:', error);
}
await browser.close();
}
runTest();
Any ideas would be super helpful. Thanks!
hey there, i’ve dealt with similar headaches. one thing that worked for me was using a proxy service to rotate IPs. it kinda tricks the system into thinkin ur comin from different places. also, try adding some random delays n mouse movements to ur script. makes it seem more human-like. good luck with ur testing!
I’ve faced similar issues with Vercel’s anti-bot measures. One approach that worked for me was using a combination of techniques to make the automated tests appear more human-like.
First, I implemented user agent rotation. I created a list of common user agents and randomly selected one for each test run. This helped vary the browser fingerprint.
Next, I added some randomized delays between actions to mimic natural browsing patterns. For example:
await page.goto('https://example-vercel-site.com');
await page.waitForTimeout(Math.floor(Math.random() * 3000) + 1000);
I also found that adding simple mouse movements and scrolling helped:
await page.mouse.move(100, 100);
await page.evaluate(() => window.scrollTo(0, 100));
Lastly, I experimented with using a non-headless browser for initial authentication, then transferring the session to headless mode for the actual tests. This sometimes helped bypass the initial security checks.
Remember, these techniques aren’t foolproof and may need adjusting as Vercel updates their security. Always ensure you’re complying with the site’s terms of service when testing.
I’ve dealt with similar issues when testing Vercel-hosted sites. One technique that’s worked well for me is using a proxy rotation service. This helps mask your IP and makes your requests appear to come from different locations, which can sometimes bypass bot detection.
Another approach is to use browser fingerprinting techniques. Tools like Fingerprint.js can help you generate more realistic browser profiles. You can then use these profiles in your Playwright scripts to make your automated browser appear more like a genuine user’s setup.
Have you considered using a headful browser instead of headless? Sometimes, running tests in a visible browser window can help bypass certain security checks. You might need to adjust your CI/CD pipeline, but it could be worth a try.
Lastly, if all else fails, you might want to explore using actual human interaction for initial authentication, then programmatically extracting and using those session tokens in your automated tests. It’s not ideal, but it can be a workable solution in some cases.