Skip to content

When cdp url is set, but browser type is not set throw a 400#1744

Open
tkattkat wants to merge 1 commit intomainfrom
Throw-400-when-cdpUrl-is-set,-but-browser-type-is-not-set
Open

When cdp url is set, but browser type is not set throw a 400#1744
tkattkat wants to merge 1 commit intomainfrom
Throw-400-when-cdpUrl-is-set,-but-browser-type-is-not-set

Conversation

@tkattkat
Copy link
Collaborator

@tkattkat tkattkat commented Feb 24, 2026
edited by cubic-dev-ai bot
Loading

why

Currently, if a cdp url is set, but browser.type is not set to local a session is created on api

what changed

We now warn people that they need to set the browser.type to local to properly use their own custom cdp url

test plan

tested locally with http requests + from go client + added tests

Summary by cubic

Return 400 on POST /v1/sessions/start when browser.cdpUrl is provided but browser.type is not "local", preventing unintended session creation and guiding correct local CDP usage.

  • Bug Fixes
    • Validate start request: if browser.cdpUrl is set and browser.type !== "local", respond with 400 and a clear error message.
    • Keep existing local validation: when browser.type is "local", require either cdpUrl or launchOptions.
    • Add integration tests for missing type and type="browserbase" with cdpUrl.

Written for commit e1fd872. Summary will update on new commits. Review in cubic

@changeset-bot
Copy link

changeset-bot bot commented Feb 24, 2026

⚠️ No Changeset found

Latest commit: e1fd872

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Feb 24, 2026

Greptile Summary

Prevents API session creation when cdpUrl is provided without setting browser.type to "local".

  • Added Zod validation using superRefine to check if cdpUrl is set without browser.type === "local"
  • Returns 400 error with clear message instructing users to set browser.type to "local" when using CDP URL
  • Tests cover both missing browser.type (defaults to "browserbase") and explicit "browserbase" type scenarios

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The change adds proper input validation with clear error messaging, includes comprehensive test coverage for both edge cases, and follows existing validation patterns in the codebase. The logic is straightforward and prevents a configuration mistake that would result in unexpected behavior.
  • No files require special attention

Important Files Changed

Filename Overview
packages/server/src/routes/v1/sessions/start.ts Added validation to reject cdpUrl when browser.type is not set to "local", preventing API session creation when CDP URL is provided without proper browser type configuration
packages/server/test/integration/v3/start.test.ts Added comprehensive tests for the new validation: one for missing browser.type with cdpUrl, another for explicit "browserbase" type with cdpUrl

Last reviewed commit: e1fd872

greptile-apps[bot]
greptile-apps bot reviewed Feb 24, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 files reviewed, no comments

Edit Code Review Agent Settings | Greptile

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Feb 24, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.
Architecture diagram 
sequenceDiagram
    participant Client
    participant API as API Server (/v1/sessions/start)
    participant Validator as Zod Schema (startBodySchema)
    participant Sessions as Session Manager

    Note over Client,Sessions: Session Initialization Flow

    Client->>API: POST /v1/sessions/start (with browser options)
    API->>Validator: Validate Request Body

    alt NEW: Invalid CDP Configuration
        Note right of Validator: browser.cdpUrl is set AND<br/>browser.type !== "local"
        Validator-->>API: Throw Validation Error
        API-->>Client: 400 Bad Request (Error: browser.type must be "local")
    else Valid local CDP Configuration
        Note right of Validator: browser.cdpUrl is set AND<br/>browser.type === "local"
        Validator-->>API: Validated Input
        API->>Sessions: Create Session (Connect to custom CDP)
        Sessions-->>API: Session Details
        API-->>Client: 200/201 Success
    else CHANGED: Standard Local Config
        Note right of Validator: browser.type === "local"
        Validator->>Validator: Ensure cdpUrl OR launchOptions exist
        Validator-->>API: Validated Input
        API->>Sessions: Create Session
        Sessions-->>API: Session Details
        API-->>Client: 200/201 Success
    end
Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tkattkat