Cloudflare Turnstile failure #1738
Comments
|
👋 @ttb-inc NOTE: This comment is auto-generated. Are you sure you have already searched for the same problem? Some people open new issues but they didn't search for something similar or for the same issue. Please, search for it using the GitHub issue search box or on the official inappwebview.dev website, or, also, using Google, StackOverflow, etc. before posting a new one. You may already find an answer to your problem! If this is really a new issue, then thank you for raising it. I will investigate it and get back to you as soon as possible. Please, make sure you have given me as much context as possible! Also, if you didn't already, post a code example that can replicate this issue. In the meantime, you can already search for some possible solutions online! Because this plugin uses native WebView, you can search online for the same issue adding Following these steps can save you, me, and other people a lot of time, thanks! |
|
@ttb-inc Did you have any solution for it yet ? |
We haven't solved it yet. |
|
I'm facing the same problem. |
|
Hi everyone, I'm an engineer working on Turnstile at Cloudflare. I'm afraid I'm unable to reproduce the issue, could you follow https://developers.cloudflare.com/turnstile/frequently-asked-questions/#how-can-i-obtain-the-ray-id-or-qr-code-for-troubleshooting and post the rayID or QR code here so I can follow-up? |
Hello! Thank you very much for helping to figure out the problem! I will try to assist; for me, it's quite straightforward, I turn on my personal VPN, which operates through an IP address of a server on DigitalOcean, attempt to access my app that uses this WebView plugin, open the link https://dash.cloudflare.com/ just to reach the point where Cloudflare shows me the robot check. I try to pass it and then I get errors in the logs, below I attach typical logs from the console. In turn, I tried to look at the traffic in a regular browser while passing this check and saw that the browser processes resources whose address starts with blob:https. But in the logs, I do not see that the WebView plugin tries to load such resources in any way. It seems like WebView can't work with blob:https right out of the box. How to get to the check doesn't matter at all, I just found the fastest way for myself to open the Cloudflare check. Logs:
Screenshot of the check page: |
|
Thanks, @RMatushkin!
What happens when you click the "Verify you are human" button? Do you get a failure icon and text?
We used to have navigations to I'm unable to reproduce the issue, both with a basic example of Do you only experience the issue on iOS? I see the reports about Android, but I can't reproduce those, even with the current latest few WebView versions. |
|
Hey @migueldemoura!
After clicking, a looping loading appears, in other words, nothing happens for a very long time. Then the square for clicking appears again.
Interesting fact, I really hope that blob resources really don’t have any effect.
I use exclusively iOS devices, I have no idea how the CloudFlare check behaves on Android devices. Plugin version: v6.0.0-beta.25 WebView settings: Used link: https://dash.cloudflare.com Here, I specifically recorded a short video that shows the problem in action: 74c145c5-43ed-40b3-a684-f5d4ca3c4610.mp4And here is logs file from the video: |
|
I can reproduce this on Android using my own test app and the above mentioned Ray ID: |
|
Anyone found a solution on this? I am encountering a similar issue (where the captcha gets rejected every single time for everyone that tried) |
I guess only @migueldemoura can help here. |
|
Any updates? |
|
It should be fixed now for iOS on the latest release. Instead, for Android WebView, it seems the problem could be related to the
@migueldemoura I don't know if one of you has managed to resolve Android WebView related problems in the past. |
|
@pichillilorenzo Thank you very much for taking the time to fix this error, we appreciate it <3 |
I just took the source code from the commit, rebuilt my iOS app based on this version, and saw that the issue with Cloudflare Turnstile hasn't been resolved. I looked at the changes you made, but I don't understand how they relate to the current issue. You only fixed the logging in the file ConsoleLogJS.swift. Will there be another commit that fixes the problem? |
|
Try to run |
|
I tested both links https://dash.cloudflare.com/ and https://app.1inch.io/ on real iPhone and it worked. |
|
Here is my screen recording:
Without that fix, I was getting Cloudflare verification to fail every time, for both URLs. Test code: import 'dart:async';
import 'package:flutter/foundation.dart';
import 'package:flutter/material.dart';
import 'package:flutter_inappwebview/flutter_inappwebview.dart';
Future main() async {
WidgetsFlutterBinding.ensureInitialized();
if (!kIsWeb && defaultTargetPlatform == TargetPlatform.android) {
await InAppWebViewController.setWebContentsDebuggingEnabled(kDebugMode);
}
runApp(const MaterialApp(home: MyApp()));
}
class MyApp extends StatefulWidget {
const MyApp({super.key});
@override
State<MyApp> createState() => _MyAppState();
}
class _MyAppState extends State<MyApp> {
final GlobalKey webViewKey = GlobalKey();
InAppWebViewController? webViewController;
InAppWebViewSettings settings =
InAppWebViewSettings(isInspectable: kDebugMode);
@override
void initState() {
super.initState();
}
@override
Widget build(BuildContext context) {
return Scaffold(
appBar: AppBar(
title: const Text('Example'),
actions: [
ElevatedButton(onPressed: () {
webViewController?.loadUrl(
urlRequest: URLRequest(url: WebUri('https://app.1inch.io/')));
}, child: const Text('Try app.1nch.io')),
ElevatedButton(onPressed: () {
webViewController?.loadUrl(
urlRequest: URLRequest(url: WebUri('https://dash.cloudflare.com/')));
}, child: const Text('Try dash.cloudflare.com'))
],
),
body: Column(children: <Widget>[
Expanded(
child: InAppWebView(
key: webViewKey,
initialUrlRequest:
URLRequest(url: WebUri("https://dash.cloudflare.com/")),
initialSettings: settings,
onWebViewCreated: (InAppWebViewController controller) {
webViewController = controller;
},
)),
]));
}
} |
Hmm, I tried the official webview flutter plugin and from what I remember Turnstile was passing fine there on Android. |
|
@pichillilorenzo Thank you very much for your help! Indeed, after I ran the |
|
@RMatushkin 👍 that’s because I published a new minor version with the fix on the iOS-specific implementation package, but the main plugin has not been updated. @AlexDochioiu hmm I will try and check again. |
@pichillilorenzo I just read your I was unable to reproduce this on Android, but would like to get this working for you all. When it fails, could you submit feedback via the 
|
|
Fixed also on Android now! You can update to the newly published plugin version @migueldemoura the error was caused by the same code spot on Android. Here is just an example of what I'm talking about. var oldConsoleLog = console.log;
console.log = function() {
var message = '';
for (var i in arguments) {
message += message === '' ? arguments[i] : ' ' + arguments[i];
}
oldConsoleLog.apply(null, arguments, 'myValue');
}This wrapping would cause the issue that we were having here. Instead, this code would simply work: var oldConsoleLog = console.log;
console.log = function() {
oldConsoleLog.apply(null, arguments, 'myValue');
}I also tried adding just code comments or whitespaces, and it would still break, so it seems like it depends on how many characters the log functions of the As I said, it doesn't make any sense to me on why this would cause the issue on Cloudflare. 🤷♂️ |
|
I checked the new version 6.0.0-rc.1, and it works well on both Android and iOS. |
|
I still see this error on newest version 6.0.0 on iOS (Flutter 3.16.5, iOS 16.x). Steps to produce:
After adding a
@pichillilorenzo what about an option to disable this console wrapper? |
|
Hi, I can reproduce this issue on iOS using latest version of the library, with this URL: https://etherscan.io/myaccount |
|
Thanks for the reports, I will check it as soon as possible. @endyquang about Android, I should be able to change the current wrapper without impacting the Chrome debug console. |
…OW for InAppWebViewSettings.windowType, fix pichillilorenzo#1738, Fixed InAppWebViewController.callAsyncJavaScript Android-issue when the last line of the functionBody parameter includes a code comment
|
import 'dart:developer'; import 'package:flutter/material.dart'; class CloudFlareTurnstileWidget extends StatelessWidget { @OverRide final String htmlContent = ''' <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=_turnstileCb" defer></script> <style> #myWidget { max-width: 330px; margin: auto; } </style> <script> function _turnstileCb() {}
|
|
Código de erro: 600010 |
|
If I try to run the script directly in the index.html, without going through the flutter it works: |
|
A few days ago I published the Cloudflare Turnstile widget on pub.dev. |
|
@Nika0000 Thanks, it worked perfectly |
|
Having this issue using 6.0.0. My settings are as follows: Initialised by: Seems like other web views also have similar issues: https://community.cloudflare.com/t/turnstile-no-longer-working-inside-of-ios-apps-in-wkwebview/637940/8 Is there a similar alternative for the in app web view to use for originWhitelist in case that is the issue? |
|
Hey @stickeerehan, |
|
Looks like in my case the culprit after trial and error was the setting 'useShouldInterceptAjaxRequest' - having this breaks the Cloudflare turnstile. Can confirm it works with the default settings |
|
@endyquang I released flutter_inappwebview_android version 1.1.2 for the latest plugin version removing the custom wrapper as the native WebChromeClient.onConsoleMessage event seems to be working correctly, so you should see the logged objects properly on the chrome inspector. |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. If you are still experiencing a similar issue, please open a new bug and a minimal reproduction of the issue. |
Environment
Device information:
Description
I am loading a webpage with "Cloudflare Turnstile" applied.
However, the webview of flutter_inappwebview seems to have a security error.
All other browsers (PC, Mobile) are passing fine.
I would like to know what the problem is.
If anyone has any knowledge about this issue, please help me.
Thank you.
Steps to reproduce
My InAppWebViewSettings
Test Page
https://app.1inch.io/
Images
Stacktrace/Logcat
The text was updated successfully, but these errors were encountered: