hCaptcha: Variablise api and verify urls

Bug: T378207
Change-Id: I62b7a418be4cb3a4a51937ae331a4aad22dc5732
This commit is contained in:
Reedy 2024-10-25 19:35:27 +01:00
parent cd607319c2
commit 106a63e3b4
4 changed files with 18 additions and 6 deletions

View file

@ -18,7 +18,7 @@
"value": "MediaWiki\\Extension\\ConfirmEdit\\hCaptcha\\HCaptcha" "value": "MediaWiki\\Extension\\ConfirmEdit\\hCaptcha\\HCaptcha"
}, },
"HCaptchaProxy": { "HCaptchaProxy": {
"description": "Proxy to use for outbound PHP web requests to hCaptcha servers", "description": "Proxy to use for outbound PHP web requests to hCaptcha servers (HCaptchaVerifyUrl)",
"value": false "value": false
}, },
"HCaptchaSiteKey": { "HCaptchaSiteKey": {
@ -32,6 +32,14 @@
"HCaptchaSendRemoteIP": { "HCaptchaSendRemoteIP": {
"description": "Whether to send the client's IP address to hCaptcha", "description": "Whether to send the client's IP address to hCaptcha",
"value": false "value": false
},
"HCaptchaApiUrl": {
"description": "Url that the hCaptcha JS is loaded from; may want to use https://cn1.hcaptcha.com/1/api.js?endpoint=https://cn1.hcaptcha.com&assethost=https://assets-cn1.hcaptcha.com&imghost=https://imgs-cn1.hcaptcha.com&reportapi=https://reportapi-cn1.hcaptcha.com for Chinese visitors",
"value": "https://js.hcaptcha.com/1/api.js"
},
"HCaptchaVerifyUrl": {
"description": "Url that the hCaptcha requested is verified against; may want to use https://cn1.hcaptcha.com/siteverify if server is in China",
"value": "https://api.hcaptcha.com/siteverify"
} }
}, },
"ConfigRegistry": { "ConfigRegistry": {

View file

@ -56,10 +56,11 @@ class HCaptcha extends SimpleCaptcha {
'data-sitekey' => $this->siteKey 'data-sitekey' => $this->siteKey
] ); ] );
$url = $this->hCaptchaConfig->get( 'HCaptchaApiUrl' );
return [ return [
'html' => $output, 'html' => $output,
'headitems' => [ 'headitems' => [
"<script src=\"https://hcaptcha.com/1/api.js\" async defer></script>" "<script src=\"$url\" async defer></script>"
] ]
]; ];
} }
@ -131,7 +132,7 @@ class HCaptcha extends SimpleCaptcha {
$sendRemoteIp = $this->hCaptchaConfig->get( 'HCaptchaSendRemoteIP' ); $sendRemoteIp = $this->hCaptchaConfig->get( 'HCaptchaSendRemoteIP' );
$proxy = $this->hCaptchaConfig->get( 'HCaptchaProxy' ); $proxy = $this->hCaptchaConfig->get( 'HCaptchaProxy' );
$url = 'https://hcaptcha.com/siteverify'; $url = $this->hCaptchaConfig->get( 'HCaptchaVerifyUrl' );
$data = [ $data = [
'secret' => $secretKey, 'secret' => $secretKey,
'response' => $token, 'response' => $token,

View file

@ -2,6 +2,7 @@
namespace MediaWiki\Extension\ConfirmEdit\hCaptcha; namespace MediaWiki\Extension\ConfirmEdit\hCaptcha;
use MediaWiki\Context\RequestContext;
use MediaWiki\Html\Html; use MediaWiki\Html\Html;
use MediaWiki\HTMLForm\HTMLFormField; use MediaWiki\HTMLForm\HTMLFormField;
@ -15,7 +16,7 @@ class HTMLHCaptchaField extends HTMLFormField {
/** /**
* Parameters: * Parameters:
* - key: (string, required) Public key * - key: (string, required) Public key
* - error: (string) Error from previous round * - error: (string) Error from the previous captcha round
* @param array $params * @param array $params
*/ */
public function __construct( array $params ) { public function __construct( array $params ) {
@ -32,9 +33,11 @@ class HTMLHCaptchaField extends HTMLFormField {
public function getInputHTML( $value ) { public function getInputHTML( $value ) {
$out = $this->mParent->getOutput(); $out = $this->mParent->getOutput();
// TODO: Inject config/similar...
$url = RequestContext::getMain()->getConfig()->get( 'HCaptchaApiUrl' );
$out->addHeadItem( $out->addHeadItem(
'h-captcha', 'h-captcha',
"<script src=\"https://hcaptcha.com/1/api.js\" async defer></script>" "<script src=\"$url\" async defer></script>"
); );
HCaptcha::addCSPSources( $out->getCSP() ); HCaptcha::addCSPSources( $out->getCSP() );
return Html::element( 'div', [ return Html::element( 'div', [

View file

@ -20,7 +20,7 @@ class ResourceLoaderHooks {
) { ) {
return [ return [
'hCaptchaSiteKey' => $config->get( 'HCaptchaSiteKey' ), 'hCaptchaSiteKey' => $config->get( 'HCaptchaSiteKey' ),
'hCaptchaScriptURL' => 'https://js.hcaptcha.com/1/api.js', 'hCaptchaScriptURL' => $config->get( 'HCaptchaApiUrl' )
]; ];
} }
} }