Current Releases: Known Issues

All Techs

Applies to: .NET v4.4.1, Java v4.0.Beta3.6, and PHP v4.2.4

Both APIs:

  • Captcha Audio fails to play in the UC Browser on Android
    The issue does not affect the UC Browser on iOS.
    The issue does not affect the UC Browser on Windows.
    We are still investigating its root cause.

Simple API:

  • Captcha endpoint adds the hardcoded Access-Control-Allow-Origin:* header to its responses
    If the web-server is configured to add the Access-Control-Allow-Origin header to all responses, the following error will occur: "The 'Access-Control-Allow-Origin' header contains multiple values -- but only one is allowed."
    The temporary workaround is web-server / version specific but always boils down to making sure that your web-server does not add the Access-Control-Allow-Origin header to the captcha endpoint handler's responses.
    We fixed it by introducing the following two option tags to the botdetect.xml file: accessControlAllowOriginHeaderEnabled, accessControlAllowOriginHeaderValue
    The fix will be included in the next minor release.
  • For various reasons, BotDetect requires the app's frontend and backend hosts to be on the same domain, where the domain name is determined by using the TLD/SLD suffix list
    A violation of the Same-Domain rule causes the captcha endpoint to become overly defensive and reject such requests with some form of a custom "400 Bad Request" error message.
    The root causes and solutions can be very different, for instance:
    • In environments with self-defined, arbitrary, internal TLDs:
      • If you use frontend.local and backend.local for development purposes
      • The solution is to use frontend.app.local and backend.app.local instead
    • If your server's configuration prevents the client from sending the referrer string to the same origin URLs:
      • The solution is to change/fix your server configuration for captcha endpoint URLs
    • If your reverse-proxy strips the referrer strings sent by clients:
      • The solution is to change/fix your reverse-proxy configuration for captcha endpoint URLs
    • Etc.
    We decided to switch to delivering progressively more difficult captcha challenges (that you may not like) instead of responding with "400 Bad Request" error messages. This will allow your integration effort to continue while you investigate the root cause of the problem in your case.
    The temporary workaround (we will temporarily switch off the Same-Domain rule) will be included in the next minor release.
    The full fix will be gradually included over the subsequent minor releases.
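
The Same-Domain cases listed above, as an added illustration (this is not BotDetect's code). It assumes the endpoint compares the registrable domain of the Referer with that of its own host, uses a tiny constructed suffix list, and treats an unlisted TLD such as .local as a one-label suffix, the way the Public Suffix List's default rule does; all function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed, tiny stand-in for a TLD/SLD suffix list (not BotDetect's list).
SUFFIXES = {"com", "org", "uk", "co.uk"}

def registrable_domain(host):
    """Return suffix plus one label, or None if the host is itself a suffix."""
    labels = host.lower().rstrip(".").split(".")
    # Longest listed suffix wins; an unlisted TLD such as "local" falls back
    # to the last label alone (the Public Suffix List default "*" rule).
    suffix_len = 1
    for n in range(len(labels), 0, -1):
        if ".".join(labels[-n:]) in SUFFIXES:
            suffix_len = n
            break
    if len(labels) <= suffix_len:
        return None
    return ".".join(labels[-(suffix_len + 1):])

def same_domain(referer, endpoint_host):
    """Assumed check: the Referer's domain must match the endpoint's domain."""
    if not referer:  # referrer suppressed by server policy or stripped by a proxy
        return False
    ref_host = urlsplit(referer).hostname
    if not ref_host:
        return False
    ref_dom = registrable_domain(ref_host)
    return ref_dom is not None and ref_dom == registrable_domain(endpoint_host)

def diagnose(cases):
    """Evaluate each (referer, endpoint_host) pair against the assumed rule."""
    return [(r, h, same_domain(r, h)) for r, h in cases]

CASES = [  # constructed sample requests: (Referer header, endpoint host without port)
    ("http://frontend.local/login", "backend.local"),
    ("http://frontend.app.local/login", "backend.app.local"),
    ("https://www.example.co.uk/form", "api.example.co.uk"),
    (None, "backend.app.local"),
]

if __name__ == "__main__":
    for referer, host, ok in diagnose(CASES):
        verdict = "same domain" if ok else "VIOLATION"
        print(f"{str(referer):34} -> {host:20} {verdict}")
```

Under these assumptions, frontend.local and backend.local resolve to two different domains, while frontend.app.local and backend.app.local both resolve to app.local; a missing referrer fails regardless of host names.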

Issue Pipeline:

  • None.

.NET v4.4.1

Simple API:

  • If the SQLite session storage is used and the System.Data.SQLite.Core assembly is not referenced in your app's project, no '5xx Error' status is sent to the client
    Instead, a captcha is generated; and the subsequent captcha validation fails.
    This is misleading about the root cause of the problem.
    The solution is to reference the missing System.Data.SQLite.Core NuGet package in your app's project.
    This is already fixed and the fix will be included in the next minor release.
  • Captcha stylesheet fails to load if frontend and backend are on different hosts.
    The temporary workaround is to disable the automatic captcha stylesheet include, as described here, and then add it back manually by adding the following lines into your view:
    <link rel="stylesheet" 
      href="https://your-app-backend-hostname/simple-captcha-endpoint.ashx?get=layout-stylesheet"> 
    
    This is already fixed and the fix will be included in the next minor release.

Traditional API:

ASP.NET Core on .NET Core | ASP.NET Core on legacy .NET:

  • We forgot to support Model validation in MVC Core 1/2
    The temporary workaround is to execute captcha validation by calling the MvcCaptcha.Validate(userInput, validatingInstanceId) in the controller action.
    This is already fixed and the fix will be included in the next minor release.

Issue Pipeline:

  • None.

Java v4.0.Beta3.6

Simple API:

  • If the default HSQLDB persistence provider is used and the hsqldb.jar is not in your app's classpath, no '5xx Error' status is sent to the client
    Instead, a captcha is generated; and the subsequent captcha validation fails.
    This is misleading about the root cause of the problem.
    The solution is to add the missing hsqldb.jar as a build dependency in your app's project.
    This is already fixed and the fix will be included in the next minor release.

Issue Pipeline:

  • None.

PHP v4.2.4

Both APIs:

  • No PHP-specific bugs since the latest release

Issue Pipeline:

  • None.