←back to thread

Anubis Works

(xeiaso.net)
319 points evacchi | 1 comments | 12 Apr 25 22:32 UTC | HN request time: 0s | source
Show context
tripdout ◴[12 Apr 25 22:52 UTC] No.43668552[source]
The bot detection takes 5 whole seconds to solve on my phone, wow.
replies(4): >>43668607 #>>43668678 #>>43668723 #>>43668824 #
Hakkin ◴[12 Apr 25 23:01 UTC] No.43668607[source]
Much better than infinite Cloudflare captcha loops.
replies(1): >>43668977 #
gruez ◴[13 Apr 25 00:15 UTC] No.43668977[source]
I've never had that, even with something like tor browser. You must be doing something extra suspicious like an user agent spoofer.
replies(3): >>43669011 #>>43669040 #>>43669198 #
praisewhitey ◴[13 Apr 25 01:07 UTC] No.43669198[source]
Firefox with Enhanced Tracking Protection turned on is enough to trigger it.
replies(2): >>43669228 #>>43670028 #
aaronmdjones ◴[13 Apr 25 04:12 UTC] No.43670028[source]
You need to whitelist challenges.cloudflare.com for third-party cookies.

If you don't do this, the third-party cookie blocking that strict Enhanced Tracking Protection enables will completely destroy your ability to access websites hosted behind CloudFlare, because it is impossible for CloudFlare to know that you have solved the CAPTCHA.

This is what causes the infinite CAPTCHA loops. It doesn't matter how many of them you solve, Firefox won't let CloudFlare make a note that you have solved it, and then when it reloads the page you obviously must have just tried to load the page again without solving it.

https://i.imgur.com/gMaq0Rx.png

replies(1): >>43671279 #
genewitch ◴[13 Apr 25 09:08 UTC] No.43671279[source]
You're telling me cloudflare has to store something on my computer to let them know I passed a captcha?

This sounds like "we only save hashed minutiae of your biometrics"

replies(3): >>43672849 #>>43672901 #>>43675330 #
1. aaronmdjones ◴[13 Apr 25 19:46 UTC] No.43675330[source]
> You're telling me cloudflare has to store something on my computer to let them know I passed a captcha?

Yes?

HTTP is stateless. It always has been and it always will be. If you want to pass state between page visits (like "I am logged in to account ..." or "My shopping cart contains ..." or "I solved a CAPTCHA at ..."), you need to be given, and return back to the server on subsequent requests, cookies that encapsulate that information, or encapsulate a reference to an identifier that the server can associate with that information.

This is nothing new. Like gruez said in a sibling comment; this is what session cookies do. Almost every website you ever visit will be giving you some form of session cookie.