Enhance CAPTCHA and cookie handling for proxy support

[Copilot]

CAPTCHA providers (reCAPTCHA, hCaptcha, Cloudflare Turnstile) and cookies require special handling to work through the proxy. The existing domain detection was incomplete and some Cloudflare verification patterns were missing.

Changes

CAPTCHA Domain Detection

• Added comprehensive patterns for reCAPTCHA, hCaptcha, and Cloudflare Turnstile
• Added hCaptcha subdomains: imgs.hcaptcha.com, js.hcaptcha.com
• Added Cloudflare browser verification: cf-chl-bypass.cloudflare.com
• Added URL pattern-based detection in service worker for /recaptcha/, /hcaptcha/, /turnstile/, /cdn-cgi/challenge, cf-chl

Cookie Handling

• Enhanced detection for Cloudflare cookies: cf_clearance, __cf, _cfuvid, cf_chl
• Added CSRF/XSRF token detection for important cookies
• Added more heavy cookie domains: x.com, tiktok.com, pinterest.com

Code Quality

• Removed redundant iframe detection patterns
• Refactored URL pattern matching to array-based approach

// URL patterns for CAPTCHA detection
const CAPTCHA_URL_PATTERNS = [
    "/recaptcha/",
    "/hcaptcha/",
    "/turnstile/",
    "/cdn-cgi/challenge",
    "cf-chl"
];

function isCaptchaRequest(url) {
    const urlStr = url.toString().toLowerCase();
    const matchesDomain = CAPTCHA_DOMAINS.some((domain) => urlStr.includes(domain));
    const matchesPattern = CAPTCHA_URL_PATTERNS.some((pattern) => urlStr.includes(pattern));
    return matchesDomain || matchesPattern;
}

Note: Manual testing was limited due to network restrictions in sandbox environment. Real-world testing recommended for CAPTCHA verification flows.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• example.com
  • Triggering command: /usr/local/bin/node node server/index.js (dns block)
• telemetry.astro.build
  • Triggering command: /node_modules/.bin/node node /home/REDACTED/work/Radius/Radius/node_modules/.bin/astro build (dns block)
  • Triggering command: /home/REDACTED/work/Radius/Radius/node_modules/.bin/astro astro build (dns block)
  • Triggering command: /home/node_modules/.bin/node node /home/REDACTED/work/Radius/Radius/node_modules/.bin/astro build (dns block)
• www.google.com
  • Triggering command: /usr/local/bin/node node server/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

update and test to be shure that captas work through the proxy (ensure that they work by testing manualy, test cloudflare browser varification, h capta, and re capta, to be shure that they work, look at the browser errors, and fix and test to ensure that they work. check cookies and server, and client functionality ensures that cookies work corectley throgh the site.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

• Start Development Server
• Start Production Server