fix: object URL leak, CDP before goto, limit raw secrets in extract

- AuthCaptureDialog: revokeObjectURL on each frame to prevent memory leak - CDP Network capture starts before initial page.goto, not after - /extract defaults to candidates-only; pass ?include_raw=true for full data
2026-05-18 14:25:56 +08:00
parent c7b33983d6
commit 7cb0ff1608
3 changed files with 15 additions and 9 deletions
@@ -387,10 +387,11 @@ class BrowserSessionService:
                captured_headers=[],
            )
            self._sessions[session.id] = session
+        # Start CDP network capture BEFORE the initial page load,
+        # so we capture login redirects and auth headers from the start.
+        await self._start_cdp_capture(session)
        try:
            await page.goto(url, wait_until="domcontentloaded", timeout=45000)
-            # Start CDP network capture immediately — so we don't miss login requests
-            await self._start_cdp_capture(session)
        except Exception:
            await self.close(session.id)
            raise