From f500c038cb0aed41f6007e7c65e2c9e6534eee50 Mon Sep 17 00:00:00 2001
From: JesseMarkowitz <Jesse.Markowitz@gmail.com>
Date: Sat, 28 Feb 2026 05:27:53 -0500
Subject: [PATCH] fix: remove User-Agent override to prevent TLS/UA fingerprint
 mismatch

curl_cffi sets a User-Agent consistent with its JA3 TLS fingerprint.
BaseProvider's custom UA (Chrome/121) conflicted with the chrome120
TLS fingerprint, causing Cloudflare to flag the request as a bot.
Removing the UA from session headers lets curl_cffi manage its own.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 src/providers/chatgpt.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/providers/chatgpt.py b/src/providers/chatgpt.py
index 57c02e0..90c7400 100644
--- a/src/providers/chatgpt.py
+++ b/src/providers/chatgpt.py
@@ -40,6 +40,12 @@ class ChatGPTProvider(BaseProvider):
         cf_session = curl_requests.Session(impersonate=IMPERSONATE)
         super().__init__(session=cf_session)  # type: ignore[arg-type]
 
+        # Remove the User-Agent set by BaseProvider. curl_cffi sets a UA that is
+        # consistent with its TLS JA3 fingerprint for chrome120. If we leave a
+        # mismatched UA (e.g. Chrome/121 header with Chrome/120 TLS), Cloudflare's
+        # bot detection flags it. Removing it lets curl_cffi manage its own UA.
+        self._session.headers.pop("User-Agent", None)
+
         token = session_token or os.getenv("CHATGPT_SESSION_TOKEN", "").strip()
         if not token:
             raise ProviderError(