There's this new CAPTCHA on 4chan.org which provides two ways of using it:

- JSON response from `https://sys.4chan.org/captcha?board={boardId}&thread_id={threadId}`
  - Returns CAPTCHA info object, but is behind CloudFlare anti-spam protection, so it may return an HTML verification page instead, which means that it would be cumbersome to use for 3rd-party applications, and won't work at all for 3rd-party websites.
- HTML response from `https://sys.4chan.org/captcha?framed=1&board={boardId}&thread_id={threadId}`
  - The returned HTML page performs `window.parent.postMessage()` with CAPTCHA info object argument.
  - But it doesn't work either due to a "Content Security Policy" error: "Refused to display 'sys.4chan.com' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://*.4chan.org""

The reason for the `<iframe/>` not working is `Content-Security-Policy` HTTP response header having value `frame-ancestors https://*.4chan.org;`. The fix would be either not specifying that HTTP response header at all, or maybe specifying it to be `frame-ancestors *;`.
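
As an added illustration (not part of the issue and not 4chan's code), this simplified JavaScript matcher for the `frame-ancestors` directive shows why the header value quoted above rejects a third-party embedding page and what `frame-ancestors *;` would change. The function names and the ancestor URLs, including `third-party.example`, are constructed for the example.

```javascript
// Added example: simplified matcher for the CSP frame-ancestors directive.
// Handles 'self', *, scheme sources and host sources with a "*." prefix.
function parseFrameAncestors(csp) {
  for (const part of csp.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null; // directive absent: CSP does not restrict framing
}

const defaultPort = (protocol) => (protocol === 'https:' ? '443' : '80');

function sourceMatches(source, ancestor, self) {
  const s = source.toLowerCase();
  if (s === "'self'") return ancestor.origin === self.origin;
  if (s === '*') return /^https?:$/.test(ancestor.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return ancestor.protocol === s;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:*']+)(?::(\d+|\*))?/.exec(s);
  if (!m) return false; // 'none' and malformed sources match nothing
  const [, scheme, wildcard, host, port] = m;
  const schemeOk = scheme
    ? ancestor.protocol === scheme + ':'
    : ancestor.protocol === self.protocol || ancestor.protocol === 'https:';
  // "*.4chan.org" matches subdomains only, never the bare 4chan.org
  const hostOk = wildcard
    ? ancestor.hostname.endsWith('.' + host)
    : ancestor.hostname === host;
  const actualPort = ancestor.port || defaultPort(ancestor.protocol);
  const portOk = port === '*' || actualPort === (port || defaultPort(ancestor.protocol));
  return schemeOk && hostOk && portOk;
}

function framingAllowed(csp, ancestorUrls, selfUrl) {
  const sources = parseFrameAncestors(csp);
  if (sources === null) return true;
  const self = new URL(selfUrl);
  // Every ancestor in the frame chain must match, not only the direct parent.
  return ancestorUrls.every((a) =>
    sources.some((src) => sourceMatches(src, new URL(a), self)));
}

// Header value quoted in the issue; the ancestor URLs below are constructed.
const PAGE_CSP = 'frame-ancestors https://*.4chan.org;';
const CAPTCHA_URL = 'https://sys.4chan.org/captcha?framed=1';
console.log(framingAllowed(PAGE_CSP, ['https://boards.4chan.org/g/'], CAPTCHA_URL));
console.log(framingAllowed(PAGE_CSP, ['https://third-party.example/'], CAPTCHA_URL));
console.log(framingAllowed('frame-ancestors *;', ['https://third-party.example/'], CAPTCHA_URL));
```

With `*` any http(s) page may frame the response, so the header no longer restricts embedding at all; naming the specific embedder origins in the directive is the narrower alternative.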