Successful WAF CAPTCHA challenge is not updating aws_waf_token cookie

My application is rendering the CAPTCHA challenge from a WAF-intercepted 405 response in an iframe. While successful completion of the puzzle renders the "That is correct, Success! You will be redirected shortly" text, the aws_waf_token cookie does not get updated in the Chrome/Firefox/Safari/Edge browsers.

Looking more closely at the network traffic, when the user submits the puzzle answer, a successful POST call from challenge.js to the "verify" endpoint completes, but the subsequent POST request to the "voucher" endpoint fails with an 'InvalidRequest' 400 error. The request payload for the failed voucher call has two properties:

  1. a 'captcha_voucher' with the value taken from the verify response
  2. an 'existing_token' property with a value of null.

Given that the CAPTCHA challenge is essentially a black box, I'm at a loss on how to address this issue. Has anyone else run into this?

1 Answer

Hi, got any solution?

punith
answered 9 months ago
