From 00b004b4db33915067798c6083247bb148c667bc Mon Sep 17 00:00:00 2001 From: Pop Chunhapanya Date: Sat, 19 Feb 2022 12:01:14 +0800 Subject: [PATCH 1/2] Update the body param qualification I think we cannot use h-captcha-response alone because otherwise there will be no indicator that indicates it's a Cloudflare website. And cf_captcha_kind is no longer available, let's use cf_ch_verify instead. --- src/background/providers/cloudflare.test.ts | 14 +++++++------- src/background/providers/cloudflare.ts | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/background/providers/cloudflare.test.ts b/src/background/providers/cloudflare.test.ts index a5198bd9..2b93a8d4 100644 --- a/src/background/providers/cloudflare.test.ts +++ b/src/background/providers/cloudflare.test.ts @@ -107,7 +107,7 @@ describe('issuance', () => { requestBody: { formData: { ['h-captcha-response']: ['body-param'], - ['cf_captcha_kind']: ['body-param'], + ['cf_ch_verify']: ['body-param'], }, }, }; @@ -120,13 +120,13 @@ describe('issuance', () => { expect(issueInfo!.requestId).toEqual(details.requestId); expect(issueInfo!.formData).toStrictEqual({ ['h-captcha-response']: 'body-param', - ['cf_captcha_kind']: 'body-param', + ['cf_ch_verify']: 'body-param', }); }); /* * The request is invalid only if the body has both - * 'h-captcha-response' and 'cf_captcha_kind' params. + * 'h-captcha-response' and 'cf_ch_verify' params. */ test('invalid request', async () => { const storage = new StorageMock(); @@ -174,7 +174,7 @@ describe('issuance', () => { requestId: 'xxx', formData: { ['h-captcha-response']: 'body-param', - ['cf_captcha_kind']: 'body-param', + ['cf_ch_verify']: 'body-param', }, }; provider['issueInfo'] = issueInfo; @@ -202,7 +202,7 @@ describe('issuance', () => { expect(issue.mock.calls.length).toBe(1); expect(issue).toHaveBeenCalledWith('https://captcha.website/?__cf_chl_f_tk=token', { ['h-captcha-response']: 'body-param', - ['cf_captcha_kind']: 'body-param', + ['cf_ch_verify']: 'body-param', }); expect(navigateUrl.mock.calls.length).toBe(1); @@ -230,7 +230,7 @@ describe('issuance', () => { requestId: 'xxx', formData: { ['h-captcha-response']: 'body-param', - ['cf_captcha_kind']: 'body-param', + ['cf_ch_verify']: 'body-param', }, }; provider['issueInfo'] = issueInfo; @@ -253,7 +253,7 @@ describe('issuance', () => { expect(issue.mock.calls.length).toBe(1); expect(issue).toHaveBeenCalledWith('https://captcha.website/?__cf_chl_f_tk=token', { ['h-captcha-response']: 'body-param', - ['cf_captcha_kind']: 'body-param', + ['cf_ch_verify']: 'body-param', }); expect(navigateUrl.mock.calls.length).toBe(1); diff --git a/src/background/providers/cloudflare.ts b/src/background/providers/cloudflare.ts index 5eb226a7..7262fa3f 100644 --- a/src/background/providers/cloudflare.ts +++ b/src/background/providers/cloudflare.ts @@ -13,7 +13,7 @@ const ISSUANCE_BODY_PARAM_NAME = 'blinded-tokens'; const COMMITMENT_URL = 'https://raw.githubusercontent.com/privacypass/ec-commitments/master/commitments-p256.json'; -const QUALIFIED_BODY_PARAMS = ['h-captcha-response', 'cf_captcha_kind']; +const QUALIFIED_BODY_PARAMS = ['h-captcha-response', 'cf_ch_verify']; const CHL_BYPASS_SUPPORT = 'cf-chl-bypass'; const DEFAULT_ISSUING_HOSTNAME = 'captcha.website'; From cbbe6c7d9bc4d86ec1ea937e3896129bea42ad1a Mon Sep 17 00:00:00 2001 From: Pop Chunhapanya Date: Sat, 19 Feb 2022 12:05:22 +0800 Subject: [PATCH 2/2] Bump the version to v3.0.2 --- package.json | 2 +- public/manifest.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 915811ae..f49ca097 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "privacy-pass", - "version": "3.0.1", + "version": "3.0.2", "contributors": [ "Suphanat Chunhapanya ", "Armando Faz " diff --git a/public/manifest.json b/public/manifest.json index a6676770..6d077952 100644 --- a/public/manifest.json +++ b/public/manifest.json @@ -2,7 +2,7 @@ "name": "Privacy Pass", "manifest_version": 2, "description": "Client support for Privacy Pass anonymous authorization protocol.", - "version": "3.0.1", + "version": "3.0.2", "icons": { "32": "icons/32/gold.png", "48": "icons/48/gold.png",