Added timeout to first-party requests

Update captcha template
PerimeterX · Dec 11, 2023 · 2379b8d · 2379b8d
1 parent d72329d
commit 2379b8d
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,9 +11,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ### Added 
 - Support for header-based logger feature
 - Added `risk_start_time` and `enforcer_start_time` fields to enforcer activities.
+- Updated the configuration of PX first-party requests to include a connection timeout
 
 ### Changed
 - Changed the structure of the headers field on async activities to array
+- Updated the captcha template to handle empty captcha responses
 
 ## [3.11.0] - 2023-05-16
 

diff --git a/lib/pxconfig.js b/lib/pxconfig.js
@@ -103,7 +103,8 @@ class PxConfig {
             ['JWT_HEADER_USER_ID_FIELD_NAME', 'px_jwt_header_user_id_field_name'],
             ['JWT_HEADER_ADDITIONAL_FIELD_NAMES', 'px_jwt_header_additional_field_names'],
             ['CUSTOM_IS_SENSITIVE_REQUEST', 'px_custom_is_sensitive_request'],
-            ['LOGGER_AUTH_TOKEN', 'px_logger_auth_token']
+            ['LOGGER_AUTH_TOKEN', 'px_logger_auth_token'],
+            ['FIRST_PARTY_TIMEOUT', 'px_first_party_timeout']
         ];
 
         configKeyMapping.forEach(([targetKey, sourceKey]) => {
@@ -363,7 +364,8 @@ function pxDefaultConfig() {
         JWT_HEADER_USER_ID_FIELD_NAME: '',
         JWT_HEADER_ADDITIONAL_FIELD_NAMES: [],
         CUSTOM_IS_SENSITIVE_REQUEST: '',
-        LOGGER_AUTH_TOKEN: ''
+        LOGGER_AUTH_TOKEN: '',
+        FIRST_PARTY_TIMEOUT: 4000
     };
 }
 
@@ -437,7 +439,8 @@ const allowedConfigKeys = [
     'px_jwt_header_user_id_field_name',
     'px_jwt_header_additional_field_names',
     'px_custom_is_sensitive_request',
-    'px_logger_auth_token'
+    'px_logger_auth_token',
+    'px_first_party_timeout'
 ];
 
 module.exports = PxConfig;
diff --git a/lib/pxproxy.js b/lib/pxproxy.js
@@ -32,7 +32,7 @@ function getCaptcha(req, config, ip, reversePrefix, cb) {
     const callData = {
         url: `https://${config.CAPTCHA_HOST}${pxRequestUri}`,
         headers: pxUtil.filterSensitiveHeaders(req.headers, config.SENSITIVE_HEADERS),
-        timeout: config.API_TIMEOUT_MS
+        timeout: config.FIRST_PARTY_TIMEOUT
     };
     callData.headers['host'] = config.CAPTCHA_HOST;
     callData.headers[config.ENFORCER_TRUE_IP_HEADER] = ip;
@@ -75,7 +75,7 @@ function getClient(req, config, ip, cb) {
     const callData = {
         url: `https://${config.CLIENT_HOST}${clientRequestUri}`,
         headers: pxUtil.filterSensitiveHeaders(req.headers, config.SENSITIVE_HEADERS),
-        timeout: config.API_TIMEOUT_MS
+        timeout: config.FIRST_PARTY_TIMEOUT
     };
     callData.headers['host'] = config.CLIENT_HOST;
     callData.headers[config.ENFORCER_TRUE_IP_HEADER] = ip;
@@ -110,7 +110,7 @@ function sendCDXHR(req, config, ip, reversePrefix, cb) {
         const callData = {
             url: `https://${config.CD_XHR_HOST}${xhrRequestUri}`,
             headers: pxUtil.generateProxyHeaders(req.headers, req.ip, config.SENSITIVE_HEADERS, config.FORWARDED_FOR_HEADER),
-            timeout: config.API_TIMEOUT_MS
+            timeout: config.FIRST_PARTY_TIMEOUT
         };
 
         callData.headers['host'] = config.CD_XHR_HOST;
@@ -179,7 +179,7 @@ function sendXHR(req, config, ip, reversePrefix, cb) {
         const callData = {
             url: `https://${config.COLLECTOR_HOST}${pxRequestUri}`,
             headers: pxUtil.generateProxyHeaders(req.headers, req.ip, config.SENSITIVE_HEADERS, config.FORWARDED_FOR_HEADER),
-            timeout: config.API_TIMEOUT_MS
+            timeout: config.FIRST_PARTY_TIMEOUT
         };
 
         callData.headers['host'] = config.COLLECTOR_HOST;

diff --git a/lib/templates/block_template.mustache b/lib/templates/block_template.mustache
@@ -15,21 +15,51 @@
     window._pxVid = '{{vid}}';
     window._pxUuid = '{{uuid}}';
     window._pxAppId = '{{appId}}';
-    window._pxMobile = {{isMobile}};
     window._pxHostUrl = '{{{hostUrl}}}';
     window._pxCustomLogo = '{{{customLogo}}}';
     window._pxJsClientSrc = '{{{jsClientSrc}}}';
+    window._pxMobile = {{isMobile}};
     window._pxFirstPartyEnabled = {{firstPartyEnabled}};
-    var pxCaptchaSrc = '{{{blockScript}}}';
 
+    var pxCaptchaSrc = '{{{blockScript}}}';
     var script = document.createElement('script');
     script.src = pxCaptchaSrc;
-    script.onerror = function () {
+    script.onload = onScriptLoad;
+    script.onerror = onScriptError;
+    var onScriptErrorCalled;
+    document.head.appendChild(script);
+    var timeoutID = setTimeout(onScriptError, 5000);
+
+    function onScriptLoad() {
+        clearTimeout(timeoutID);
+        setTimeout(function() {
+            if (isCaptchaNotLoaded()) {
+                onScriptError();
+            }
+        }, 1000);
+    }
+    function onScriptError() {
+        if (onScriptErrorCalled) {
+            return;
+        }
+        onScriptErrorCalled = true;
         script = document.createElement('script');
-        script.src = '{{altBlockScript}}';
+        script.src = '{{{altBlockScript}}}';
+        script.onload = function() {
+            clearTimeout(timeoutID);
+        };
         script.onerror = window._pxOnError;
         document.head.appendChild(script);
-    };
+        timeoutID = setTimeout(function() {
+            if (isCaptchaNotLoaded()) {
+                window._pxOnError();
+            }
+        }, 5000);
+    }
+    function isCaptchaNotLoaded() {
+        return !document.querySelector('div');
+    }
+
     window._pxOnError = function () {
         var style = document.createElement('style');
         style.innerText = '@import url(https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap);body{background-color:#fafbfc}.px-captcha-error-container{position:fixed;height:340px;background-color:#fff;font-family:Roboto,sans-serif}.px-captcha-error-header{color:#f0f1f2;font-size:29px;margin:67px 0 33px;font-weight:500;line-height:.83;text-align:center}.px-captcha-error-message{color:#f0f1f2;font-size:18px;margin:0 0 29px;line-height:1.33;text-align:center}.px-captcha-error-button{text-align:center;line-height:48px;width:253px;margin:auto;border-radius:50px;border:solid 1px #f0f1f2;font-size:20px;color:#f0f1f2}.px-captcha-error-wrapper{margin:18px 0 0}div.px-captcha-error{margin:auto;text-align:center;width:400px;height:30px;font-size:12px;background-color:#fcf0f2;color:#ce0e2d}img.px-captcha-error{margin:6px 8px -2px 0}.px-captcha-error-refid{border-top:solid 1px #f0eeee;height:27px;margin:13px 0 0;border-radius:0 0 3px 3px;background-color:#fafbfc;font-size:10px;line-height:2.5;text-align:center;color:#b1b5b8}@media (min-width:620px){.px-captcha-error-container{width:530px;top:50%;left:50%;margin-top:-170px;margin-left:-265px;border-radius:3px;box-shadow:0 2px 9px -1px rgba(0,0,0,.13)}}@media (min-width:481px) and (max-width:620px){.px-captcha-error-container{width:85%;top:50%;left:50%;margin-top:-170px;margin-left:-42.5%;border-radius:3px;box-shadow:0 2px 9px -1px rgba(0,0,0,.13)}}@media (max-width:480px){body{background-color:#fff}.px-captcha-error-header{color:#f0f1f2;font-size:29px;margin:55px 0 33px}.px-captcha-error-container{width:530px;top:50%;left:50%;margin-top:-170px;margin-left:-265px}.px-captcha-error-refid{position:fixed;width:100%;left:0;bottom:0;border-radius:0;font-size:14px;line-height:2}}@media (max-width:390px){div.px-captcha-error{font-size:10px}.px-captcha-error-refid{font-size:11px;line-height:2.5}}';
@@ -44,10 +74,9 @@
             }, 5000);
         }
     };
-    document.head.appendChild(script);
 </script>
 {{#jsRef}}
     <script src="{{{jsRef}}}"></script>
 {{/jsRef}}
 </body>
-</html>
+</html>