- Newest
- Most votes
- Most comments
Hello.
If you do not integrate CAPTCHA authentication, you will need to perform processing on the application side so that the accessing user is redirected to another page when authentication is complete.
If you integrate CAPTCHA authentication, this part of redirection will not be necessary on the application side.
This setting is advantageous for applications that do not require reloading, such as SPA sites created with React etc.
https://aws.amazon.com/about-aws/whats-new/2023/04/aws-waf-captcha-javascript-api-support/?nc1=h_ls
AWS WAF Captcha redirected customers to a different page for solving the Captcha problem. With this release, developers can improve the Captcha customer experience by embedding Captcha problems in their existing webpages, including Single Page applications (SPAs).
Relevant content
- asked a year ago
- asked a year ago
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated a year ago
I see. Does it mean the users will be allowed to solve the Captcha problem on the same web page (e.g. login page)? For example, with integration, when users access the login page, they are asked to solve the Captcha problem on the same login page.
Without integration, the flow will look like this. browse login page --> redirected to Captcha page --> redirected to login page again after solving Captcha
Is that correct?
This part will be processed as follows. Perform CAPTCHA authentication when logging in on the login page --> redirected to login page again after solving Captcha
I think it's easier to understand what happens on the browser around here by looking at the "Network" tab in the browser's developer tools. In fact, you can see that when you access a web page that requires CAPTCHA authentication, a new page is loaded after authentication is completed. If you have CAPTCHA authentication integration enabled, you will notice that new pages will not load after authentication is complete.
Thank you so much, Riku. Can I also use Captcha or Challenge with POST requests? What I am trying to do is when users click submit in the login form, they will be presented with a Captcha or a Challenge. Only if they pass the Captcha or Challenge, their submit login attempt will be sent to the server.
I think it needs to be put in before running POST. In other words, you need to set it to the GET request of the screen that sends the POST request instead of setting it to the POST request. https://docs.aws.amazon.com/waf/latest/developerguide/waf-captcha-and-challenge-best-practices.html