search

NanoMeow / QuickReports

Quick issue reports manager
GNU General Public License v3.0
15 stars 4 forks source link

corneey.com #333

Closed NanoMeow closed 5 years ago

NanoMeow commented 5 years ago

Basic Information

Test link: http://corneey.com/wLknXW Category: breakage Reported from: Mexico Template version: 2

User Environment

Browser: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:63.0) Gecko/20100101 Firefox/63.0 Extension: Nano Defender 15.0.0.72

Additional Message

Nano defender doesnt allow the captcha loading in firefox

jspenguin2017 commented 5 years ago

Shortest bypassing is not working anymore.

Captcha is working for me. @LiCybora image

LiCybora commented 5 years ago

Yes, there is issue for Firefox. I am working on it.

image

LiCybora commented 5 years ago

I guess I have quick fix for it, but the fix may affect Chromium and Edge. The problem is Firefox treated webRequest.onBeforeSendHeaders as asynchronous event listeners, while both Chromium and Edge does not support asynchronous event listener (just from MDN notes, I don't have them to test with). I will include the fix in v15.0.0.74 first anyway.

PS: The solution may not be optimal. I just follow the MDN example and change the code to async and problem solved.

Reference: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onBeforeSendHeaders

Edit: I overlook I make a typo which totally break the solution. Above things are just trash, please ignore.

Edit 2: I recognize the problem now. Seems Firefox throw exception when there is no user-agent (recaptcha attempt to read the user agent string). That's why removing the user-agent break the recaptcha js running.

image

My attempt to fix it is to spoof as other UA instead of removing it (however, the verification page will also gone and directly to target link, but maybe just for this site and untested on other so unsure whether there is side effect.) Any better idea for this?

jspenguin2017 commented 5 years ago

I thought the chrome namespace only accepts synchronous handlers or asynchronous handlers with callbacks (when available), and the browser namespace is for asynchronous handlers with promises.

Are you sure the timer bypassing is still working after the change? Maybe edit the user agent to Google Bot or something?

jspenguin2017 commented 5 years ago

Hum, I might want to try a bot user agent, maybe it goes through the timer and verification altogether.

LiCybora commented 5 years ago

Yes I tried Google bot and curl UA, both bypass timer and verification, directly forward to target link. I am not sure whether all sites in the rule will work in the same way

jspenguin2017 commented 5 years ago

Fixed.