My application is rendering the CAPTCHA challenge from a WAF intercepted 405 response in an iframe. While successful completion of the puzzle renders the "That is correct, Success! You will be redirected shortly" text, the aws_waf_token cookie does not get updated in the chrome/firefox/safari/edge browser.
Looking more closely at the network traffic, when user submits the puzzle answer a successful POST call from the challenge.js to the "verify" endpoint completes but the subsequent POST request to the "voucher" endpoint fails with an 'InvalidRequest' 400 error. The request payload for the failed voucher call has two properties:
- a 'captcha_voucher' with the value taken from the verify response
- a 'existing_token' property with a value of null.
Given that the CAPTCHA challenge is essentially a black box, I'm at a loss on how to address this issue.
Has anyone else run into this?
AWS 官方已更新 2 年前