Like most people who think about it, I disable JavaScript in my browser, and I re-enable it on a site-by-site basis. Sometimes a site depends on an obscure and deeply-nested JavaScript library to work, and mostly I just ignore them. This week, I had to use a particular site because it has effectively monopolized the market I'm trying to enter, and I got blocked by the CAPTCHA.

After the usual rigmarole (i.e. using Chrome Developer Tools and looking for likely-looking page resources, opening a new tab where I request /robots.txt from that host, then enable JavaScript for that host) repeatedly failed; and after I started disabling Privacy Badger and AdBlock and other things, still to no avail; I finally broke down and treated it like a software problem. I used a full reload in the aforementioned dev tools, saved the whole interaction as a HAR file, and broke out Python to go get me a list of all the URL hostnames, and went through them systematically. The very first one (when sorted asciibetically) was the one. It was https://0513fc98c88f182b76f21b0469bb9cad.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html which is of course autogenerated.

So: go to chrome://settings/content/javascript and add a new Allow entry for the pattern [*.]safeframe.googlesyndication.com and then immediately the captcha works. Damn, that was complicated. Now what hashtags can I use to help find this in the future?

#captcha #javascript #captchafail #proveyouarenotarobot #pleasedontbeevil