WolfShade
Brainiac
July 31, 2019
Answered

Issues with custom-built CAPTCHA


Hello, all,

We recently had our CAPTCHA bypassed (not surprising, as I kind of had to do a hack-ish job with it due to some security restrictions) and I custom-built a new one.

Apparently, our production environment is not 100% identical to our dev or staging environments, as it works well in those.

I just received an email from the customer stating that 1) the CAPTCHA is not matching in Firefox (possibly due to a constantly changing JSESSIONID), and 2) IE11 will not display the image at all.  I checked for #2, and in production IE11 does, indeed, _not_ display the image.

On the code level, the image is being created like the following:

<img style="width: 200px; height: 85px;" src="data:image/*;base64,{and a long string of blob data}" />

Any suggestions?  I am at the end of my rope on this one.

V/r,

^ _ ^

    Correct answer EddieLotter

    Okay, so I've done some research on this, and according to a Raymond Camden blog post what I am trying to do will only work if the image being served was from an existing image file because it will have a file extension indicating what kind of image file it is (.gif, .jpg, .png, etc.)  Since CF imageCreateCaptcha() is being used, there is apparently no default image type, so there's no file extension.

    Okay, that makes sense, but still you'd think that CFCONTENT could detect the type and use that.  Right?  Guess not.

    I tried following Raymond's example to print a blank space on the image, so as not to interfere with the CAPTCHA letters/numbers/symbols, but it isn't working.  The last error message I got was: "Verify your inputs. The source file should contain an extension,so that ColdFusion can determine the image format. "

    I'm using CFHEADER to name the file 'captchaimage.png' (also tried .gif and .jpg) but I guess that isn't good enough.

    Any other thoughts?

    V/r,

    ^ _ ^


    In your cfcontent tag, the "type" parameter must be a MIME type. Try "image/jpeg" or "image/png" and see what works.

    2 replies

    Charlie Arehart
    Community Expert
    July 31, 2019

    Are you saying you MUST stay with that custom-built captcha? Or are you asking for recommendations of ones that have worked?

    /Charlie (troubleshooter, carehart.org)
    WolfShade
    Author
    Brainiac
    July 31, 2019

    I _have_ to stay with my custom-built CAPTCHA, or build another one, because we are proscribed from using third-party turnkey solutions.  Rare exceptions are allowed, such as jQuery and Bootstrap (neither of which is CDN, must be local).  But we cannot use anything like Google's reCAPTCHA, or any other company's CAPTCHA product.

    We cannot use CFIMAGE to create the CAPTCHA because something in our settings/configuration/security is preventing CFIMAGE from being used (I think that access to the CFFileServlet folder is being denied, but don't know for sure.)

    V/r,

    ^ _ ^

    WolfShade
    Author
    Brainiac
    August 5, 2019

    In your cfcontent tag, the "type" parameter must be a MIME type. Try "image/jpeg" or "image/png" and see what works.


    Okay, I tried it, and in IE if I changed the CFCONTENT type from "image" to "image/png" it didn't work.

    HOWEVER, your suggestion did get me on the right path, because I totally misunderstood what you were suggesting and tried the previous way of using src="data:image/png{blah blah blah}" in IE and it worked.  So.. I'm going to go ahead and mark your answer as correct and hope that anyone else having this issue reads further down to see what I finally wound up doing. 

    V/r,

    ^ _ ^

    EddieLotter
    Inspiring
    July 31, 2019

    Navigate to the page that should display the image.

    Press F12 to open Developer Tools.

    Click the "Network" tab.

    Refresh the Web page.

    In the "Result/Description" column of the "Network" tab, do you see any error result codes?

    WolfShade
    Author
    Brainiac
    July 31, 2019

    The _only_ thing that doesn't come back as 200 is favicon.ico.  Everything else is 200.

    V/r,

    ^ _ ^

    UPDATE:  favicon.ico has been fixed.
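
The fix the thread arrived at (a concrete type such as `data:image/png` instead of the wildcard `data:image/*`) can be applied without knowing the image format in advance by reading the image's leading signature bytes. The following is an added example, not code posted by anyone in the thread; it is written in JavaScript for Node.js rather than CFML, and the function names and sample bytes are constructed for illustration.

```javascript
// Added example: pick a concrete MIME type for a data: URI from the image's
// magic bytes instead of emitting the wildcard "image/*".
const SIGNATURES = [
  { mime: "image/png",  bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: "image/jpeg", bytes: [0xff, 0xd8, 0xff] },
  { mime: "image/gif",  bytes: [0x47, 0x49, 0x46, 0x38] }, // ASCII "GIF8"
];

// Returns the MIME type whose signature matches the start of buf, or null.
function sniffImageMime(buf) {
  for (const sig of SIGNATURES) {
    if (buf.length >= sig.bytes.length && sig.bytes.every((b, i) => buf[i] === b)) {
      return sig.mime;
    }
  }
  return null;
}

// Builds "data:<concrete type>;base64,<payload>"; rejects anything that is
// not valid base64 or not a recognised image, so no untyped blob is emitted.
function toImageDataUri(base64Payload) {
  const cleaned = base64Payload.replace(/\s+/g, "");
  if (cleaned.length % 4 !== 0 || !/^[A-Za-z0-9+\/]+={0,2}$/.test(cleaned)) {
    throw new Error("payload is not valid base64");
  }
  const mime = sniffImageMime(Buffer.from(cleaned, "base64"));
  if (mime === null) throw new Error("unrecognised image format");
  return `data:${mime};base64,${cleaned}`;
}

// Rewrites an existing wildcard URI of the form used in the question;
// URIs that already name a concrete type are returned unchanged.
function fixWildcardDataUri(uri) {
  const m = /^data:image\/\*;base64,(.*)$/s.exec(uri);
  return m ? toImageDataUri(m[1]) : uri;
}

// Constructed samples: only the leading header bytes, not complete images.
const SAMPLE_PNG = Buffer.from(
  [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]).toString("base64");
const SAMPLE_JPEG = Buffer.from([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10]).toString("base64");

console.log(fixWildcardDataUri("data:image/*;base64," + SAMPLE_PNG));
```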