supabase
Captcha fails after migrating from hCaptcha to Turnstile
Bug report
Before opening a bug report, please verify the following:
- [x] I confirm this is a bug with Supabase, not with my own application.
- [x] I confirm I have searched the Docs, GitHub Discussions, and Discord.
Describe the bug
Whenever trying to sign in or sign up, the captcha verification process fails (after migrating to turnstile and setting it up properly in the dashboard and verifying the token) with the following error:
captcha protection: request disallowed (timeout-or-duplicate)
To Reproduce
- Create a SvelteKit app and setup Supabase Auth with hCaptcha then migrate to Turnstile
- Try to authenticate (sign in or sign up)
Expected behavior
For the captcha verfication process to succeed.
Screenshots
- Dashnoard UI captcha section:
System information
- OS: Windows 10 22H2
- Version of supabase-js: 2.45.1
Additional context
What I'm using in my app that might interfere with the process:
- SvelteKit 2.5.0
- svelte-turnstile 0.8.0
I made sure:
- That the token is valid
- And that the form submission process doesn't interfere/ or is the cause of the issue
Error: (some paths and URLs of mine have been removed)
AuthApiError: captcha protection: request disallowed (timeout-or-duplicate)
at handleError (..\node_modules\@supabase\auth-js\dist\main\lib\fetch.js:63:11)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async _handleRequest (..\node_modules\@supabase\auth-js\dist\main\lib\fetch.js:108:9)
at async _request (..\node_modules\@supabase\auth-js\dist\main\lib\fetch.js:89:18)
at async SupabaseAuthClient.signInWithPassword (..\node_modules\@supabase\auth-js\dist\main\GoTrueClient.js:335:23)
at async logIn (../src/routes/auth/login/+page.server.ts:37:23)
at async Module.handle_action_request (../node_modules/@sveltejs/kit/src/runtime/server/page/actions.js:131:18)
at async Module.render_page (../node_modules/@sveltejs/kit/src/runtime/server/page/index.js:70:20)
at async resolve (../node_modules/@sveltejs/kit/src/runtime/server/respond.js:460:18)
at async Module.respond (../node_modules/@sveltejs/kit/src/runtime/server/respond.js:333:20) {
__isAuthError: true,
status: 400,
code: 'captcha_failed'
}
Error in the dashboard (event message):
{"component":"api","error":"400: captcha protection: request disallowed (timeout-or-duplicate)","level":"info","method":"POST","msg":"400: captcha protection: request disallowed (timeout-or-duplicate)","path":"/token","referer":"https://myurl.com/auth/callback","remote_addr":"myIPaddress","request_id":"8bad9138913194fe-LIS","time":"2024-08-29T15:27:48Z"}
hi @retr0cube, can you please open a ticket at https://supabase.help and link this github issue in the ticket? we would love to help figure out the root cause here but it helps us investigate the underlying issue much faster with your project's context
hi @retr0cube, can you please open a ticket at https://supabase.help and link this github issue in the ticket? we would love to help figure out the root cause here but it helps us investigate the underlying issue much faster with your project's context
ok, will do! Thanks for the response!
@retr0cube did you manage to fix this? i see reports and it's ongoing for 2-3 months
@retr0cube did you manage to fix this? i see reports and it's ongoing for 2-3 months
Hey, Managed to resolve issue! It was a mistake on my code I didn't notice
Hey, Managed to resolve issue! It was a mistake on my code I didn't notice
What was the mistake? Help us out here, in case anyone facing the same issue has made a similar mistake.
Hey, Managed to resolve issue! It was a mistake on my code I didn't notice
What was the mistake? Help us out here, in case anyone facing the same issue has made a similar mistake.
It was just a form validation issue, I was querying the wrong data without noticing