whitelist the "hcaptcha.com" related origins, #312

vladimiry · Jul 26, 2022 · 82dc767 · 82dc767
1 parent 57e8556
commit 82dc767
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/src/electron-main/web-request/index.ts b/src/electron-main/web-request/index.ts
@@ -117,6 +117,14 @@ export function initWebRequestListenersByAccount(
                     );
                     return isStorageSubdomain ? [url.origin] : [];
                 })(),
+                ...(() => {
+                    // the iframe page generated by /core/v4/captcha?Token=... request at least loads the following stuff:
+                    //   - script: https://hcaptcha.com/1/api.js?onload=loadCaptcha&render=explicit
+                    //   - subFrame: https://newassets.hcaptcha.com/captcha/v1/335f764/static/hcaptcha.html
+                    //   - possibly https://accounts.hcaptcha.com
+                    // so whitelisting it with subdomains
+                    return url.origin === "https://hcaptcha.com" || url.origin.endsWith(".hcaptcha.com") ? [url.origin]: [];
+                })(),
             ].map(parseUrlOriginWithNullishCheck),
         ]);
     };