From 1c3f4fdc65f9101e5fe730708b8230745f29be47 Mon Sep 17 00:00:00 2001
From: Ali Maktabi
Date: Sat, 7 Sep 2024 13:05:10 +0330
Subject: [PATCH 1/2] modified reading tokens from headers

---
 brightIDfaucet/settings.py  | 7 +++++++
 core/constraints/captcha.py | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/brightIDfaucet/settings.py b/brightIDfaucet/settings.py
index 79dbf66..bbedd01 100644
--- a/brightIDfaucet/settings.py
+++ b/brightIDfaucet/settings.py
@@ -7,6 +7,8 @@ from dotenv import load_dotenv
 from sentry_sdk.integrations.django import DjangoIntegration
+from corsheaders.defaults import default_headers
+
 from faucet.faucet_manager.bright_id_interface import BrightIDInterface
 load_dotenv()
@@ -244,6 +246,11 @@ def before_send(event, hint):
 else:
     CORS_ALLOW_ALL_ORIGINS = True
+CORS_ALLOW_HEADERS = list(default_headers) + [
+    'cf-turnstile-response',
+    'hc-turnstile-response',
+]
+
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/4.0/howto/static-files/
diff --git a/core/constraints/captcha.py b/core/constraints/captcha.py
index 6b83d38..7c29e3a 100644
--- a/core/constraints/captcha.py
+++ b/core/constraints/captcha.py
@@ -31,7 +31,7 @@ def is_observed(self, *args, **kwargs) -> bool:
             context["request"]
         )
-        turnstile_token = request_context.data.get("cf-turnstile-response")
+        turnstile_token = request_context.headers.get("cf-turnstile-response")
         return request_context.ip is not None and turnstile_token is not None and cloudflare.is_verified(
             turnstile_token, request_context.ip
@@ -60,7 +60,7 @@ def is_observed(self, *args, **kwargs) -> bool:
             context["request"]
         )
-        turnstile_token = request_context.data.get("hc-turnstile-response") or request_context.data.get("cf-turnstile-response")
+        turnstile_token = request_context.headers.get("hc-turnstile-response")
         return request_context.ip is not None and turnstile_token is not None and hcaptcha.is_verified(
             turnstile_token, request_context.ip
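Review bot: In the captcha hunk at @@ -31,7 and likewise at @@ -60,7, the guard `turnstile_token is not None` still lets a present-but-empty header value through to `cloudflare.is_verified` / `hcaptcha.is_verified`, since a header lookup can return `""` rather than `None`; a falsy check, `return request_context.ip is not None and bool(turnstile_token) and cloudflare.is_verified(`, rejects it locally instead of spending a verifier round trip. Whether the lookup matches a client that sends `CF-Turnstile-Response` depends on what `request_context.headers` is — Django's `request.headers` is case-insensitive, a plain dict built from `META` is not — so that is worth confirming against the request-context builder. The hCaptcha branch also drops the previous body fallback, so clients still posting the token in the request body now fail closed with nothing logged; a `logger.debug("captcha token header missing")` on the `None` path would make that rollout failure visible in the logs. `is_observed` starts and ends outside both hunks.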
From 67b63e6409d034a202252178bf342d3457631b6a Mon Sep 17 00:00:00 2001
From: Ali Maktabi
Date: Sat, 7 Sep 2024 13:09:37 +0330
Subject: [PATCH 2/2] added comments for more readability

---
 brightIDfaucet/settings.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/brightIDfaucet/settings.py b/brightIDfaucet/settings.py
index bbedd01..bafc6cb 100644
--- a/brightIDfaucet/settings.py
+++ b/brightIDfaucet/settings.py
@@ -246,6 +246,10 @@ def before_send(event, hint):
 else:
     CORS_ALLOW_ALL_ORIGINS = True
+
+# Add Turnstile response headers for CORS
+# These headers are required for Cloudflare and HCaptcha Turnstile anti-bot service
+
 CORS_ALLOW_HEADERS = list(default_headers) + [
     'cf-turnstile-response',
     'hc-turnstile-response',
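Review bot: The added comment calls hCaptcha a "Turnstile" service, but Turnstile is Cloudflare's product and hCaptcha is a separate vendor, so the wording misleads the next reader about which header belongs to which verifier; `# Cloudflare Turnstile and hCaptcha response headers: the captcha constraints in core/constraints/captcha.py read the token from these request headers, so CORS preflight must allow them.` says what the list is for and why it is here. "Add ... for CORS" also reads as an instruction rather than a description of the setting below it. The `if/else` on CORS origins that precedes this block starts outside the hunk.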