bike24.com shows captcha all the time since the update

[LuftWafflePilot]

Ever since the last update (31.3) hit PM, this damn eshop started to annoy the shit out of me with captchas. I don't ever remember this happening there.
No idea what's going on, but I guess there's nothing I can do

https://www.bike24.com/p2642439.html for example

[Moonchild]

Make sure you're not forcefully blocking all cookies.

[Blacklab]

Your example 'bike24.com' website is using 'hcaptcha' as now supplied by Cloudflare...
Try reloading the page when faced with captcha page. The normal 'bike24' page opened on reload when tested using a completely clean Pale Moon profile.

One option is to load the 'bike24' site once... accept their cookie offer... then the 'hcaptcha' shouldn't appear on subsequent visits.
Alternatively, and if not fussed about privacy, then I believe there is some way you can sign into the 'hcatpcha' service itself which then recognises you/your IP address is not a 'bot' when visiting all sites using their system?

[Moonchild]

hcaptcha is not the problem.
The problem is aggressive blocking of cookies that are being used to store the verification of passing the captcha.

[LuftWafflePilot]

I simply use Ublock Origin. How do I know whether it's blocking specific cookies?
What do I do?

Bottom line is, I haven't changed anything about how I access the website, and now it's giving me problems. I don't get it.

[Moonchild]

Bottom line is, I haven't changed anything about how I access the website, and now it's giving me problems. I don't get it.

I have a pretty good idea what is causing this.
Pale Moon by default now sends the "Origin" request header. this will trigger a more stringent check on the request by Cloudflare when encountered, which in turn makes it more sensitive to overzealous removal or blocking of cookies that are required for its access check when it is in "I'm under attack" mode, which bike24 currently is (they shouldn't use it unless they are actively under attack at this very moment). Of note also that you passing a challenge is subject to a timeout: after a specified amount of time you will have to solve the captcha again, so if that is the issue you're having then that is by design in "I'm under attack" mode.

I can't say anything about how this interacts with uBlock and your specific settings of it or the filter lists you are using, nor do i know how you could see exactly what is being blocked, because, frankly, I don't use that extension.

[sciuro]

What about the above mentioned proposal "load the 'bike24' site once... accept their cookie offer... then the 'hcaptcha' shouldn't appear on subsequent visits"?
Just did that with both uBlock origin & Adblock Latitude installed and bike24.com is working nice, so the problem could be elsewhere. By the way PM 31.3.01 here.
Also, can you clean all your history? Sometimes an old cookie could be the culprit.

PS: if you suspect uBlock origin, just add your site to - chrome://ublock0/content/dashboard.html#whitelist.html

[Blacklab]

I simply use Ublock Origin. How do I know whether it's blocking specific cookies?

uBlock Origin (uBO) isn't a simple 'black box' Ad blocking extension, it has many powerful additional features. So, you can 'know' or find out exactly what your particular uBO set-up, with your unique selection of filter lists, is blocking for every webpage you load by using uBO's built-in 'logger' function.

You will need to read up on how uBO's logger works... lots of info in uBO's own Wiki pages (link on uBO's Dashboard > under 'About' tab) and elsewhere online: https://duckduckgo.com/?q=using+ublock+ ... s=1&ia=web

Just remember uBO's logger can only log activity if it is open... then you can open the 'bike24' page and inspect logger.

PS. The uBO compatible with Pale Moon is a Legacy version - uBO 1.16.4.30... which originates from mid-2018. The logger function has not changed greatly since, but here is a link to uBO's logger Wiki page from mid-2018 via WayBackMachine (WBM): https://web.archive.org/web/20180520182 ... The-logger)

[gepus]

@LuftWafflePilot

The site opens fine here. No captcha at all. (BTW, I'm using uBlockO as well.)
Make sure that cookies and scripting are allowed.

If it still doesn't work for you test with a fresh profile.

[jobbautista9]

I have a pretty good idea what is causing this.
Pale Moon by default now sends the "Origin" request header. this will trigger a more stringent check on the request by Cloudflare when encountered, which in turn makes it more sensitive to overzealous removal or blocking of cookies that are required for its access check when it is in "I'm under attack" mode, which bike24 currently is (they shouldn't use it unless they are actively under attack at this very moment). Of note also that you passing a challenge is subject to a timeout: after a specified amount of time you will have to solve the captcha again, so if that is the issue you're having then that is by design in "I'm under attack" mode.

Yes, this is exactly it. Since I'm the one who added the support for the Origin request header to the platform, I'm pretty confident that the Origin header is a factor here. This issue, which I first encountered in fanfiction.net, is why I didn't have the Origin header support enabled by default when it was introduced in Pale Moon 31.2.0.

Even right now the issue is present in fanfiction.net. The cookie seems to only last for about 6 hours, so I do end up having to solve the CAPTCHA multiple times in a day. But sometimes I get lucky and it skips the CAPTCHA for me when doing the browser check...

If one is really annoyed by the constant CAPTCHAs (maybe they're in private browsing mode where cookies won't be saved), they can disable Origin header support as a workaround by setting network.http.sendOriginHeader to 0.

But yeah, the proper solution for this would be for websites to not use "under attack" mode all the time, and for Cloudflare to tweak their settings to not have their robot check be too hostile against small browsers like us. Maybe I will write an email to ff.net about this later...

[gepus]

If one is really annoyed by the constant CAPTCHAs (maybe they're in private browsing mode where cookies won't be saved), ...

I tested several times in private browsing mode and the site opens fine without any captcha.
All I get is a request to select between cookie options.
Cookies persist in memory as long as the browser won't be closed.