feat: add POST /tabs/:tabId/set_input_files endpoint#4164
Open
MrReasonable wants to merge 2 commits into
Open
Conversation
Adds a new route for programmatically attaching files to <input type="file"> elements via Playwright's setInputFiles. File paths are restricted to a configurable uploads directory (CAMOFOX_UPLOADS_DIR, default /home/node/cv-uploads) to prevent arbitrary file exfiltration. Supports both ref-based and CSS selector targeting, with auto-refresh of stale refs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Covers selector and ref-based file attachment, path-traversal rejection, missing ref/selector validation, and 404 for unknown tabs. Global setup now creates a temp uploads directory and passes CAMOFOX_UPLOADS_DIR to the test server so the sandbox restriction is exercisable in CI. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
AI agents using camofox-browser often need to apply for jobs or submit documents on behalf of users. Many job sites and portals use
<input type="file">elements for CV/resume uploads — but browsers intentionally block JavaScript from setting file inputs, so a standardtypeorclickaction cannot attach a file. This endpoint fills that gap by exposing Playwright's privilegedsetInputFileschannel via the REST API.What
Adds
POST /tabs/:tabId/set_input_filesto programmatically attach files to<input type="file">elements.ref(preferred, with automatic stale-ref refresh) or a CSSselectorto target the file inputCAMOFOX_UPLOADS_DIR, default/home/node/cv-uploads) to prevent the endpoint being used to read arbitrary files from the containertab:set_input_filesplugin event consistent with the rest of the interaction surfaceTest plan
refnorselectorwith 400npm run test:e2e)🤖 Generated with Claude Code