Page MenuHomePhabricator
Create Task
Maniphest T411198

hCaptcha: Don't call siteverify if no token is provided
Closed, ResolvedPublic
Actions

Description

Summary

There's no need to call the /siteverify endpoint if the client hasn't supplied a token.

Notes

Acceptance criteria

  • Calls to /siteverify are not made when $token is null in passCaptcha(), and a log message is generated when this is the case

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
hCaptcha: skip siteverify API call when token missingmediawiki/extensions/ConfirmEditmaster+59 -6
Customize query in gerrit

Related Objects

Event Timeline

kostajh created this task.Nov 27 2025, 3:28 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 27 2025, 3:28 PM
kostajh moved this task from Backlog to Ready on the Product Safety and Integrity (Crepes au Chocolat (Sprint Nov 10 - Nov 28)) board.Nov 27 2025, 3:29 PM
kostajh updated the task description. (Show Details)
kostajh moved this task from Backlog to Ready on the WE4.2 Bot detection (WE4.2 hCaptcha editing trial) board.
Chuiimuii_ofc claimed this task.Nov 27 2025, 3:44 PM
Chuiimuii_ofc removed a subscriber: Aklapper.
Dreamy_Jazz added a subscriber: Aklapper.Nov 27 2025, 3:45 PM
gerritbot added a comment.Nov 27 2025, 4:34 PM

Change #1212177 had a related patch set uploaded (by Chuiimuii_ofc; author: Chuiimuii_ofc):

[mediawiki/extensions/ConfirmEdit@master] hCaptcha: skip siteverify when token missing

https://gerrit.wikimedia.org/r/1212177

gerritbot added a project: Patch-For-Review.Nov 27 2025, 4:34 PM
gerritbot added a comment.Nov 27 2025, 4:43 PM

Change #1212177 had a related patch set uploaded (by Chuiimuii_ofc; author: Chuiimuii_ofc):

[mediawiki/extensions/ConfirmEdit@master] hCaptcha: skip siteverify when token missing

https://gerrit.wikimedia.org/r/1212177

Dreamy_Jazz moved this task from Ready to Needs review on the Product Safety and Integrity (Crepes au Chocolat (Sprint Nov 10 - Nov 28)) board.Nov 28 2025, 11:04 AM
kostajh moved this task from Ready to In progress on the WE4.2 Bot detection (WE4.2 hCaptcha editing trial) board.Nov 28 2025, 11:40 AM
OKryva-WMF edited projects, added Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12); removed Product Safety and Integrity (Crepes au Chocolat (Sprint Nov 10 - Nov 28)).Dec 1 2025, 9:05 AM
OKryva-WMF moved this task from Backlog to Needs review on the Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12) board.Dec 1 2025, 9:05 AM
kostajh moved this task from Needs review to Needs QA on the Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12) board.Dec 1 2025, 1:31 PM
kostajh moved this task from In progress to QA on the WE4.2 Bot detection (WE4.2 hCaptcha editing trial) board.
gerritbot added a comment.Dec 1 2025, 1:45 PM

Change #1212177 merged by jenkins-bot:

[mediawiki/extensions/ConfirmEdit@master] hCaptcha: skip siteverify API call when token missing

https://gerrit.wikimedia.org/r/1212177

ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.5; 2025-12-02).Dec 1 2025, 11:00 PM
EAkinloose moved this task from QA to Done on the WE4.2 Bot detection (WE4.2 hCaptcha editing trial) board.Dec 5 2025, 3:57 PM
kostajh closed this task as Resolved.Dec 8 2025, 9:00 AM
hector.arroyo moved this task from Needs QA to Done on the Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12) board.Dec 9 2025, 9:49 AM
Chuiimuii_ofc added a project: RoadToWiki.Fri, Dec 19, 4:08 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits