Flights

admin/Flights

Fork 0

Commit Graph

Author	SHA1	Message	Date
Trey t	c9992e2d11	Add JSX reverse-engineering notes Capture the findings from the JSXWebViewFetcher rewrite session: - The Navitaire /api/nsk/v4/availability/search/simple endpoint that actually contains the flight load data, including the request body shape and the nested response structure (journeysAvailableByMarket → fares joined with faresAvailable for price/class). - How the anonymous auth token lands in sessionStorage (navitaire.digital.token) and how to use it as the Authorization header on a direct fetch() from inside the page context. - The jsx.com SPA one-way form structure (trip-type mat-select, station pickers, custom two-month range picker with DONE button, Find Flights submit), and the selectors / strategies that work for each one. - The Osano cookie banner gotcha — its role="dialog" fools calendar detection, so the banner node must be force-removed after accepting. - The datepicker quirks: JSX uses a custom picker (not mat-calendar), renders in two phases (shell then cells), and day cells carry aria-labels in the format "Saturday, April 11, 2026" with a weekday prefix — so exact-match "April 11, 2026" fails but loose month+year+day-word-boundary matching works. - The central finding: WKWebView's synthetic DOM events have isTrusted=false, so JSX's datepicker never commits its day-cell selection into the Angular FormControl, Angular's search() sees the form as invalid, and no POST fires. Playwright doesn't hit this because CDP's Input.dispatchMouseEvent produces trusted events. - The Akamai surface: external HTTP clients are blocked, Playwright's own launch() is blocked on POST /search/simple (ERR_HTTP2_PROTOCOL _ERROR), connectOverCDP to a plain Chrome works, and WKWebView's same-origin fetch() from inside a loaded jsx.com page works. - The working approach (direct POST from page context using the sessionStorage token) and why it sidesteps both the trusted-events and the Akamai problems. - The network interceptor pattern that distinguishes "Angular never fired the POST" from "Angular fired it but the network rejected it" — critical for diagnosing the trusted-events trap. - Code pointers to the Swift runtime (JSXWebViewFetcher.swift), the iOS call site (AirlineLoadService.fetchJSXLoad), and the Playwright reference (scripts/jsx_playwright_search.mjs). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-11 10:54:56 -05:00

Author

SHA1

Message

Date

Trey t

c9992e2d11

Add JSX reverse-engineering notes

Capture the findings from the JSXWebViewFetcher rewrite session:

- The Navitaire /api/nsk/v4/availability/search/simple endpoint that
  actually contains the flight load data, including the request body
  shape and the nested response structure (journeysAvailableByMarket →
  fares joined with faresAvailable for price/class).
- How the anonymous auth token lands in sessionStorage
  (navitaire.digital.token) and how to use it as the Authorization
  header on a direct fetch() from inside the page context.
- The jsx.com SPA one-way form structure (trip-type mat-select,
  station pickers, custom two-month range picker with DONE button,
  Find Flights submit), and the selectors / strategies that work for
  each one.
- The Osano cookie banner gotcha — its role="dialog" fools calendar
  detection, so the banner node must be force-removed after accepting.
- The datepicker quirks: JSX uses a custom picker (not mat-calendar),
  renders in two phases (shell then cells), and day cells carry
  aria-labels in the format "Saturday, April 11, 2026" with a weekday
  prefix — so exact-match "April 11, 2026" fails but loose
  month+year+day-word-boundary matching works.
- The central finding: WKWebView's synthetic DOM events have
  isTrusted=false, so JSX's datepicker never commits its day-cell
  selection into the Angular FormControl, Angular's search() sees the
  form as invalid, and no POST fires. Playwright doesn't hit this
  because CDP's Input.dispatchMouseEvent produces trusted events.
- The Akamai surface: external HTTP clients are blocked, Playwright's
  own launch() is blocked on POST /search/simple (ERR_HTTP2_PROTOCOL
  _ERROR), connectOverCDP to a plain Chrome works, and WKWebView's
  same-origin fetch() from inside a loaded jsx.com page works.
- The working approach (direct POST from page context using the
  sessionStorage token) and why it sidesteps both the trusted-events
  and the Akamai problems.
- The network interceptor pattern that distinguishes "Angular never
  fired the POST" from "Angular fired it but the network rejected it"
  — critical for diagnosing the trusted-events trap.
- Code pointers to the Swift runtime (JSXWebViewFetcher.swift),
  the iOS call site (AirlineLoadService.fetchJSXLoad), and the
  Playwright reference (scripts/jsx_playwright_search.mjs).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-11 10:54:56 -05:00

1 Commits