banjax icon indicating copy to clipboard operation
banjax copied to clipboard

Published 20 hours ago verified publisher icon equalitie

Challenger should warn, not ban, humans browsing with cookies disabled

Open graphiclunarkid opened this issue 8 years ago • 0 comments

Reproduction steps

  1. Enable sha_inv challenge for a website.
  2. Prevent that website from setting cookies by disabling them in browser (e.g. CSLite plugin).
  3. Visit the website.

Current behaviour

The browser solves the sha_inv challenge and returns the result, but banjax bans the IP anyway, as it can't set a cookie. The user receives a 504 error and cannot access the website.

Proposal

Detect whether cookies are enabled, and if they are not but the browser solves the sha_inv successfully, inform the user that cookies are required instead of banning them (at least the first time).

graphiclunarkid avatar Apr 06 '16 10:04 graphiclunarkid