old4ever/ca-marketplace-scraper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: update ruler docs

Browse Source 
Signed-off-by: Dmytro Stanchiev <git@dmytros.dev>
This commit is contained in:
Dmytro Stanchiev
2026-04-28 22:29:12 -04:00
parent 11dce39428
commit b6aaec0b65
5 changed files with 51 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
cookies/.ruler/AGENTS.md
View File

@@ -1,55 +1,18 @@
# Marketplace Cookies Setup
# cookies
Both Facebook Marketplace and eBay require valid session cookies to bypass bot detection and access listings.
## Scope
## Cookie Configuration
- This directory is for cookie setup docs and local examples only.
- Treat any real browser cookie export as a secret, even if already present locally.
Authenticated scrapers now read cookies only from environment variables:
1. `FACEBOOK_COOKIE`
2. `EBAY_COOKIE`
## Runtime Sources
---
- Authenticated scrapers read raw `Cookie` header strings from environment variables such as `FACEBOOK_COOKIE` and `EBAY_COOKIE`.
- Some core entrypoints also accept explicit cookie strings from request/options; explicit input takes precedence over environment values.
## Facebook Marketplace
## Safety Rules
### Required Cookies
- `c_user`: Your Facebook user ID
- `xs`: Facebook session token
- `fr`: Facebook request token
- `datr`: Data attribution token
- `sb`: Session browser token
### Setup
```bash
export FACEBOOK_COOKIE='c_user=123; xs=token; fr=request'
```
Use the raw `Cookie` header string copied from an authenticated browser session.
---
## eBay
eBay has aggressive bot detection that blocks requests without valid session cookies.
### Setup
```bash
export EBAY_COOKIE='s=VALUE; ds2=VALUE; ebay=VALUE'
```
Use the raw `Cookie` header string copied from an authenticated browser session.
---
## Important Notes
- Cookies must be from active browser sessions
- Cookies expire and need periodic refresh
- **NEVER** commit real cookies to version control
- Platforms may still block automated scraping despite valid cookies
## Security
Do not commit real cookie values or store them in tracked files.
- Never commit real cookie values, browser exports, or session files.
- Use placeholder values in docs: `c_user=123; xs=token; fr=request`.
- Do not paste cookie values into logs, tests, fixtures, or generated agent docs.
- If editing this directory, verify diffs do not contain real `c_user`, `xs`, `fr`, `datr`, `sb`, `s`, `ds2`, or `ebay` values.