Skip to content

Comments

Fix CAPTCHA and Cloudflare verification by preserving credentials and request properties#37

Draft
Copilot wants to merge 3 commits intomainfrom
copilot/fix-cloudflare-verification-captcha
Draft

Fix CAPTCHA and Cloudflare verification by preserving credentials and request properties#37
Copilot wants to merge 3 commits intomainfrom
copilot/fix-cloudflare-verification-captcha

Conversation

Copy link
Contributor

Copilot AI commented Nov 20, 2025

CAPTCHA verification (reCAPTCHA, hCaptcha, Cloudflare Turnstile) was failing due to cookies being rejected and requests losing credentials when proxied.

Root Causes

Service Worker (sw.js)

  • Request mode was being overridden (navigatesame-origin), breaking cookie handling
  • Enhanced CAPTCHA requests weren't passed to proxy handlers (UV/Scramjet)
  • Critical headers (Referer) and properties (cache, redirect) weren't preserved

CAPTCHA Handler (captcha-handler.ts)

  • Only handled reCAPTCHA cookies (_GRECAPTCHA), ignoring hCaptcha and Cloudflare
  • Cookie descriptor modification lacked browser compatibility checks
  • XHR credentials weren't forced for CAPTCHA domains
  • Incomplete CAPTCHA domain detection (missing cdn-cgi, cf-assets)

Changes

sw.js

  • Preserve request mode, cache, and redirect properties
  • Pass enhanced requests through proxy by creating modified events:
if (isCaptcha) {
    const modifiedEvent = Object.create(event);
    modifiedEvent.request = request;
    return await uv.fetch(modifiedEvent);
}
  • Add Referer header preservation
  • Expand CAPTCHA domain list

captcha-handler.ts

  • Support all CAPTCHA cookie types: _GRECAPTCHA, _hcaptcha, cf_clearance, __cf_bm
  • Add configurable check and error handling for cookie descriptor
  • Force credentials: "include" for all CAPTCHA requests (handle "omit" case)
  • Properly type XMLHttpRequest overrides to fix TypeScript errors

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • telemetry.astro.build
    • Triggering command: node /home/REDACTED/work/Radius/Radius/node_modules/.bin/astro build (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

fix cloudflare varfication and fix captias, aspecialy re captia. check if the request are workind or if the cookies are being rejected.


💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@codesandbox
Copy link

codesandbox bot commented Nov 20, 2025

Review or Edit in CodeSandbox

Open the branch in Web EditorVS CodeInsiders

Open Preview

Copilot AI and others added 2 commits November 20, 2025 11:50
Co-authored-by: sriail <225764385+sriail@users.noreply.github.com>
…oxies

Co-authored-by: sriail <225764385+sriail@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix Cloudflare verification and captcha issues Fix CAPTCHA and Cloudflare verification by preserving credentials and request properties Nov 20, 2025
Copilot AI requested a review from sriail November 20, 2025 11:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants