login()` fails with `Response status: 403` from Cloudflare — "Failed to parse response body

[ItanSutarlan]

Description

When calling scraper.login(username, password, email), the login fails immediately with a Cloudflare 403 response during the pre-flight or onboarding task request. The response body is an HTML Cloudflare block/challenge page rather than JSON, causing the library to throw "Failed to parse response body".

Error Log

Login Error Error: Response status: 403
| headers: "cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  cf-ray: 9e9eeb3beef85c61-CGK
  connection: keep-alive
  content-type: text/html; charset=UTF-8
  server: cloudflare
  ..."
| data: Failed to parse response body

Environment

• Library version: x.x.x
• Node.js version: vxx.x.x
• OS / Hosting:
• IP type:
• cf-ray PoP code: CGK (Jakarta)

Steps to Reproduce

1. Call await scraper.login(username, password, email)
2. Observe the error thrown

Expected Behavior

Login completes successfully and scraper.isLoggedIn() returns true.

Actual Behavior

ApiError is thrown with HTTP 403 and data: Failed to parse response body. The raw response is a Cloudflare HTML challenge page, not a Twitter API JSON response.

Additional Context

• The Cloudflare cf-ray header is present, confirming the block is at the Cloudflare layer, before Twitter's own API is reached.
• This is likely related to Cloudflare Errors when loggin #78.
• Tried the following workarounds (check any that apply):
  • Waiting and retrying
  • Using a different IP / residential proxy
  • Cookie-based auth via scraper.setCookies()
  • Enabling 2FA on the account

Question for Maintainers

Is there a supported way to handle Cloudflare JS challenges in the pre-flight step, or is cookie-based auth now the only reliable method for server-side environments?