vladimiry / ElectronMail

Unofficial ProtonMail Desktop App
GNU General Public License v3.0

Blocking non-API entry point requests prevents Tor logins requiring captchas #425

Closed Nothing4You closed 3 years ago

Nothing4You commented 3 years ago

Block non "API entry point"-based network requests prevents me from logging in through Tor if I'm prompted for a captcha:

Access to the "subFrame" resource with "https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd-api.onion/core/v4/captcha?Token=sometoken" URL has been forbidden. No matched value found in ["https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion","webclient2://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion","chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai"] URL origins list for "https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd-api.onion" value.

Might also be a general issue with captchas when connecting through Tor as I don't think that -api.onion is a valid Tor address.

vladimiry commented 3 years ago

Duplicate of #419.

> I don't think that -api.onion is a valid Tor address.

Correct. It appears that @protonmail missed enabling the captcha endpoints for the API entry points other than https://mail.protonmail.com/.

vladimiry commented 3 years ago

> Block non "API entry point"-based network requests prevents me from logging in through Tor if I'm prompted for a captcha:

This is an indication that the blocking feature is actually functional, since captcha endpoints are not currently whitelisted in the app's code, as I was not aware that this kind of endpoint is used by @ProtonMail. Btw, they changed the captcha endpoint just something like 3 months back, see ProtonMail/react-components@453f224.
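
The origin check behind the error message in this thread, sketched as an added example (not part of the thread and not ElectronMail's code; the function names are hypothetical). The allow list and the blocked URL are copied from the error message, and the last function shows why the `-api.onion` host fails a syntax check for v3 onion addresses.

```javascript
// Added illustration; not ElectronMail's code. Function names are hypothetical.

// Allow list and blocked URL copied from the error message in the issue.
const ALLOWED_ORIGINS = [
  "https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion",
  "webclient2://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion",
  "chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai",
];
const CAPTCHA_URL =
  "https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd-api.onion/core/v4/captcha?Token=sometoken";

// URL#origin is the string "null" for non-special schemes such as webclient2:,
// so the origin is rebuilt from protocol and host instead.
function originOf(rawUrl) {
  const { protocol, host } = new URL(rawUrl);
  return `${protocol}//${host}`;
}

// Exact origin comparison: no prefix, suffix or substring matching.
function checkRequest(rawUrl, allowedOrigins = ALLOWED_ORIGINS) {
  let origin;
  try {
    origin = originOf(rawUrl);
  } catch {
    return { allowed: false, origin: null }; // unparsable URL: fail closed
  }
  const allowed = allowedOrigins.map(originOf).includes(origin);
  return { allowed, origin };
}

// Syntax-only check for a v3 onion host: 56 base32 characters plus ".onion",
// with optional subdomains in front. Checksum and version are not verified.
function isV3OnionHostSyntax(hostname) {
  return /^([a-z0-9-]+\.)*[a-z2-7]{56}\.onion$/.test(hostname.toLowerCase());
}

console.log(checkRequest(CAPTCHA_URL));
console.log(isV3OnionHostSyntax(new URL(CAPTCHA_URL).hostname));
```

Because the comparison is exact, a host that merely contains or ends with an allowed name is still rejected, which is the behaviour the error message reports.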