Fix Cursor Arc cookie import and access errors#374
Fix Cursor Arc cookie import and access errors#374jperezr21 wants to merge 1 commit intosteipete:mainfrom
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 49afa43c77
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "session", | ||
| "__recent_auth", | ||
| "__wuid", | ||
| "workos_id", | ||
| "__kduid", |
There was a problem hiding this comment.
Including very generic names like session, __wuid, and workos_id in the session-cookie allowlist makes importSession return on cookies that are not guaranteed to authenticate a user, and that short-circuits the browser scan before later browsers are tried. In fetch, a false-positive from the first browser can lead to .notLoggedIn (or fallback to stale stored cookies) even when another browser in the configured order has a valid Cursor login.
Useful? React with 👍 / 👎.
| throw BrowserCookieError.accessDenied( | ||
| browser: browser, | ||
| details: "\(browser.displayName) Safe Storage keychain item is not accessible.") |
There was a problem hiding this comment.
This path throws .accessDenied whenever no safe-storage label yields a password, but findGenericPassword returns nil for both true permission denials and non-denial cases like missing/renamed keychain items. Treating all misses as access-denied causes BrowserCookieAccessGate.recordIfNeeded to suppress retries and surfaces a misleading “allow Keychain access” error when the actual issue is key lookup, not user denial.
Useful? React with 👍 / 👎.
1 participant
Summary
Validation