Skip to content

fix: avoid impersonation for captcha API JSON requests#110

Open
zy6p wants to merge 2 commits intoTheSmallHanCat:mainfrom
zy6p:fix/internal-captcha-api-no-impersonate
Open

fix: avoid impersonation for captcha API JSON requests#110
zy6p wants to merge 2 commits intoTheSmallHanCat:mainfrom
zy6p:fix/internal-captcha-api-no-impersonate

Conversation

@zy6p
Copy link
Copy Markdown

@zy6p zy6p commented Mar 31, 2026

Summary

  • remove curl_cffi browser impersonation when calling captcha API JSON endpoints
  • keep the existing AsyncSession client, but send plain JSON POSTs for createTask / getTaskResult
  • apply the fix to both admin score-test and runtime FlowClient captcha token fetching

Why

curl_cffi with impersonate="chrome110"/"chrome120" can cause FastAPI/Uvicorn services to receive an empty request body for JSON POSTs.

That breaks self-hosted YesCaptcha-compatible services such as OhMyCaptcha with:

{"detail":[{"type":"missing","loc":["body"],"msg":"Field required","input":null}]}

Reproduction

Using curl_cffi==0.7.3 against a FastAPI/Uvicorn OhMyCaptcha service:

  • AsyncSession().post(..., json=payload) => works
  • AsyncSession().post(..., json=payload, impersonate="chrome110") => 422 / missing body
  • AsyncSession().post(..., json=payload, impersonate="chrome120") => 422 / missing body

Validation

I validated the patched image locally against a live OhMyCaptcha instance:

  • src.api.admin._solve_recaptcha_with_api_service(...) returned a token successfully
  • FlowClient._get_api_captcha_token(...) returned a token successfully

Both paths now reach /createTask and /getTaskResult with normal 200 responses instead of 422 missing body.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zy6p