From 82dc767415f002512e5c0dc0fe917720db151203 Mon Sep 17 00:00:00 2001
From: "Vladimir.Y" <1560781+vladimiry@users.noreply.github.com>
Date: Tue, 26 Jul 2022 23:23:51 +0300
Subject: [PATCH] whitelist the "hcaptcha.com" related origins, #312

---
 src/electron-main/web-request/index.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/electron-main/web-request/index.ts b/src/electron-main/web-request/index.ts
index edc27d86b..4bd383dc1 100644
--- a/src/electron-main/web-request/index.ts
+++ b/src/electron-main/web-request/index.ts
@@ -117,6 +117,14 @@ export function initWebRequestListenersByAccount(
                     );
                     return isStorageSubdomain ? [url.origin] : [];
                 })(),
+                ...(() => {
+                    // the iframe page generated by /core/v4/captcha?Token=... request at least loads the following stuff:
+                    //   - script: https://hcaptcha.com/1/api.js?onload=loadCaptcha&render=explicit
+                    //   - subFrame: https://newassets.hcaptcha.com/captcha/v1/335f764/static/hcaptcha.html
+                    //   - possibly https://accounts.hcaptcha.com
+                    // so whitelisting it with subdomains
+                    return url.origin === "https://hcaptcha.com" || url.origin.endsWith(".hcaptcha.com") ? [url.origin]: [];
+                })(),
             ].map(parseUrlOriginWithNullishCheck),
         ]);
     };