There's this new CAPTCHA on 4chan.org which provides two ways of using it:
JSON response from https://sys.4chan.org/captcha?board={boardId}&thread_id={threadId}
Returns CAPTCHA info object, but is behind CloudFlare anti-spam protection, so it may return an HTML verification page instead, which means that it would be cumbersome to use for 3rd-party applications, and won't work at all for 3rd-party websites.
HTML response from https://sys.4chan.org/captcha?framed=1&board={boardId}&thread_id={threadId}
The returned HTML page performs window.parent.postMessage() with CAPTCHA info object argument.
But it doesn't work either due to a "Content Security Policy" error:
"Refused to display 'sys.4chan.com' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://*.4chan.org""
The reason for the <iframe/> not working is Content-Security-Policy HTTP response header having value frame-ancestors https://*.4chan.org;. The fix would be either not specifying that HTTP response header at all, or maybe specifying it to be frame ancestors *;.
There's this new CAPTCHA on
4chan.org
which provides two ways of using it:https://sys.4chan.org/captcha?board={boardId}&thread_id={threadId}
https://sys.4chan.org/captcha?framed=1&board={boardId}&thread_id={threadId}
window.parent.postMessage()
with CAPTCHA info object argument.The reason for the
<iframe/>
not working isContent-Security-Policy
HTTP response header having valueframe-ancestors https://*.4chan.org;
. The fix would be either not specifying that HTTP response header at all, or maybe specifying it to beframe ancestors *;
.