
hCaptcha response strips subdomain #3549

Open
ninbura opened this issue Nov 21, 2024 · 0 comments


ninbura commented Nov 21, 2024

Describe the bug
When hCaptcha is implemented, the response strips your specified subdomain, resulting in failure.

```text
# Matrix Authentication Service Logs
2024-11-20T12:59:23.821722Z ERROR
http.server.request {
    otel.kind = "server",
    otel.name = "POST /register",
    network.protocol.name = "http",
    network.protocol.version = "1.1",
    http.request.method = "POST",
    url.path = "/register",
    url.scheme = "http",
    http.route = "/register",
    url.query = "id=01JD4TDY0DZ1ZHQBBN9BJ7B8FH&kind=continue_compat_sso_login",
    user_agent.original = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
}:

handlers.views.register.post:
captcha.verify {
    captcha.service = "HCaptcha",
    captcha.hostname = "ninbura.com",
    captcha.challenge_ts = "2024-11-20T12:59:19.000000Z"
}:

mas_handlers::captcha:
crates/handlers/src/captcha.rs:157:
error = The hostname in the CAPTCHA response ("ninbura.com") does not match the site hostname ("mauth.ninbura.com")
```

To Reproduce
Steps to reproduce the behavior:

  1. Configure Matrix Authentication Service to run on a subdomain
  2. Configure Site in hCaptcha GUI w/ subdomain in the Domains section (i.e. mauth.ninbura.com).
  3. Attempt to create an account via Matrix Authentication Service
  4. See error in Matrix Authentication Service logs and GUI.

Expected behavior
hCaptcha response should return full domain including the subdomain.

Screenshots (images not reproduced): hcaptcha-failure, hcaptcha-site-settings

Desktop (please complete the following information):

  • macOS Sequoia v15.1 | Windows 11 Pro N for Workstations v26100.2314
  • Arc (Chromium) | Zen (Gecko)

Additional context
I'm running Matrix & Matrix Authentication Server on Ubuntu 24.04 via Docker.

Note that mauth.ninbura.com is the only domain that I have listed in the hCaptcha Site settings. I've tried adding ninbura.com & matrix.ninbura.com, as well as creating entirely new Site entries, and refreshing my secrets.

```shell
curl -v -I \
  -H "Host: mauth.ninbura.com" \
  -H "X-Test: ReverseProxyTest" \
  "https://mauth.ninbura.com/register?id=01JD5ZAP1RA12HQX6V5B2F3F7S&kind=continue_compat_sso_login"
```

This will return the headers, which all correctly point to mauth.ninbura.com and not ninbura.com. The only place I can find ninbura.com displayed is in the certificate. I used certbot to create a new cert exclusive to mauth.ninbura.com and that did not fix the issue. Happy to share my nginx configuration if needed, but I believe this curl should reveal that it's good.

ninbura.com is not hardcoded anywhere in my Matrix repository (Matrix and MAS configurations) or relevant nginx configurations, only matrix.ninbura.com and mauth.ninbura.com. I have no clue where it could be getting ninbura.com outside of something that explicitly Matrix Authentication Service is passing outside of my control. Though, I'd be happy to hear that it's user error and something that I can resolve.

Here's a link to my full configuration for both my Matrix server & Matrix Authentication Service. synapse.yml = homeserver.yaml & synapse-mas.yml = config.yaml. I use the Dockerfile.substitute image + entrypoint.sh script to substitute secrets in each configuration, and copy them into the proper locations/volumes for runtime.
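The check that produced the error in the log above, as an added illustration written for this page; it is not the code from MAS's `crates/handlers/src/captcha.rs`. The `SiteVerifyResponse` struct mirrors the fields hCaptcha's siteverify endpoint returns (`success`, `hostname`, `error-codes`), and the values fed to it are constructed to reproduce the reported situation, not captured traffic.

```rust
// Added illustration of a siteverify hostname check; not MAS's own code.
// Field names follow hCaptcha's siteverify JSON; values below are constructed.
#[derive(Debug)]
pub struct SiteVerifyResponse {
    pub success: bool,
    pub hostname: Option<String>,
    pub error_codes: Vec<String>,
}

#[derive(Debug, PartialEq)]
pub enum CaptchaError {
    Rejected(Vec<String>),
    MissingHostname,
    HostnameMismatch { expected: String, got: String },
}

/// DNS names compare case-insensitively and a trailing dot names the same host.
fn normalize_host(h: &str) -> String {
    h.trim().trim_end_matches('.').to_ascii_lowercase()
}

/// Accept a siteverify result only if the provider reported success *and*
/// the hostname it bound the token to is exactly the site being served.
/// A suffix match (ninbura.com vs mauth.ninbura.com) is deliberately not
/// accepted: a token solved for one host must not pass on another.
pub fn verify(resp: &SiteVerifyResponse, site_hostname: &str) -> Result<(), CaptchaError> {
    if !resp.success {
        return Err(CaptchaError::Rejected(resp.error_codes.clone()));
    }
    let got = resp.hostname.as_deref().ok_or(CaptchaError::MissingHostname)?;
    if normalize_host(got) != normalize_host(site_hostname) {
        return Err(CaptchaError::HostnameMismatch {
            expected: site_hostname.to_string(),
            got: got.to_string(),
        });
    }
    Ok(())
}

fn main() {
    // Constructed response matching the issue: provider says success, but
    // reports the apex domain while MAS is configured on the subdomain.
    let resp = SiteVerifyResponse {
        success: true,
        hostname: Some("ninbura.com".into()),
        error_codes: vec![],
    };
    println!("{:?}", verify(&resp, "mauth.ninbura.com"));
}
```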
