Rewrite navigator.permissions evasion

pyppeteer_stealth/js/navigator.permissions.js

@@ -1,23 +1,43 @@
 // https://github.com/berstend/puppeteer-extra/blob/c44c8bb0224c6bba2554017bfb9d7a1d0119f92f/packages/puppeteer-extra-plugin-stealth/evasions/navigator.permissions/index.js
 
 () => {
-  const handler = {
-    apply: function (target, ctx, args) {
-      const param = (args || [])[0]
+  const isSecure = document.location.protocol.startsWith("https");
 
-      if (param && param.name && param.name === 'notifications') {
-        const result = { state: Notification.permission }
-        Object.setPrototypeOf(result, PermissionStatus.prototype)
-        return Promise.resolve(result)
-      }
-
-      return utils.cache.Reflect.apply(...arguments)
-    }
+  // In headful on secure origins the permission should be "default", not "denied"
+  if (isSecure) {
+    utils.replaceGetterWithProxy(Notification, "permission", {
+      apply() {
+        return "default";
+      },
+    });
   }
 
-  utils.replaceWithProxy(
-    window.navigator.permissions.__proto__, // eslint-disable-line no-proto
-    'query',
-    handler
-  )
-}
+  // Another weird behavior:
+  // On insecure origins in headful the state is "denied",
+  // whereas in headless it's "prompt"
+  if (!isSecure) {
+    const handler = {
+      apply(target, ctx, args) {
+        const param = (args || [])[0];
+
+        const isNotifications =
+          param && param.name && param.name === "notifications";
+        if (!isNotifications) {
+          return utils.cache.Reflect.apply(...arguments);
+        }
+
+        return Promise.resolve(
+          Object.setPrototypeOf(
+            {
+              state: "denied",
+              onchange: null,
+            },
+            PermissionStatus.prototype
+          )
+        );
+      },
+    };
+    // Note: Don't use `Object.getPrototypeOf` here
+    utils.replaceWithProxy(Permissions.prototype, "query", handler);
+  }
+}