From 720a1ebceee9ae1154241e22732c36a44a15392f Mon Sep 17 00:00:00 2001
From: Luciabrightcode <azjam969@gmail.com>
Date: Tue, 23 Dec 2025 17:38:16 +0800
Subject: [PATCH] fix(fidelity): inject sec-ch-ua headers in extractor

- Derive sec-ch-ua from Browser UA using HandoverValidator
- Closes gap in modern Chrome impersonation fidelity
- Verified with verify_tls.py
---
 src/extractor/client.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/extractor/client.py b/src/extractor/client.py
index 63f0121..7069d0b 100644
--- a/src/extractor/client.py
+++ b/src/extractor/client.py
@@ -1,5 +1,6 @@
 from curl_cffi.requests import AsyncSession
 from src.core.session import SessionState
+from src.core.handover import HandoverValidator
 import logging
 
 # Configure logging
@@ -53,6 +54,9 @@ class CurlClient:
             "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
             "Accept-Language": "en-US,en;q=0.9",
             # Add sec-ch-ua derivation here if strict mode
+            "sec-ch-ua": HandoverValidator.derive_sec_ch_ua(self.session_state.user_agent),
+            "sec-ch-ua-mobile": "?0",
+            "sec-ch-ua-platform": '"Windows"',
         }
         
         logger.info(f"CurlClient initialized with impersonation: {self.session_state.tls_fingerprint}")