There's this new CAPTCHA on 4chan.org which provides two ways of using it:
- JSON response from
https://sys.4chan.org/captcha?board={boardId}&thread_id={threadId}
- Returns CAPTCHA info object, but is behind CloudFlare anti-spam protection, so it may return an HTML verification page instead, which means that it would be cumbersome to use for 3rd-party applications, and won't work at all for 3rd-party websites.
- HTML response from
https://sys.4chan.org/captcha?framed=1&board={boardId}&thread_id={threadId}
- The returned HTML page performs
window.parent.postMessage() with CAPTCHA info object argument.
- But it doesn't work either due to a "Content Security Policy" error:
"Refused to display 'sys.4chan.com' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://*.4chan.org""
The reason for the <iframe/> not working is Content-Security-Policy HTTP response header having value frame-ancestors https://*.4chan.org;. The fix would be either not specifying that HTTP response header at all, or maybe specifying it to be frame ancestors *;.
There's this new CAPTCHA on
4chan.orgwhich provides two ways of using it:https://sys.4chan.org/captcha?board={boardId}&thread_id={threadId}https://sys.4chan.org/captcha?framed=1&board={boardId}&thread_id={threadId}window.parent.postMessage()with CAPTCHA info object argument."Refused to display 'sys.4chan.com' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://*.4chan.org""
The reason for the
<iframe/>not working isContent-Security-PolicyHTTP response header having valueframe-ancestors https://*.4chan.org;. The fix would be either not specifying that HTTP response header at all, or maybe specifying it to beframe ancestors *;.