I'm trying to embed an image captcha on a webpage, using an external endpoint to retrieve the image and another external endpoint to send the string presented in the image. The endpoint that retrieves the image is the following:

https://geoportale.cartografia.agenziaentrate.gov.it/age-inspire/srv/ita/Captcha?type=image&lang=it

The endpoint to call to check the answer is the following:

https://geoportale.cartografia.agenziaentrate.gov.it/age-inspire/srv/ita/Captcha?type=check&captcha=<CAPTCHA ANSWER>

When I try to interrogate the endpoints from the Postman app, everything works fine and the second endpoint correctly returns JSON that contains a token.

{
"result": true,
"token": "ELhyVkRnOP1L9tvwCdiHr7er0skegNBsq8tzXzfo8DJfrNSvD2lXyc6el5r%2B2b3BTxFRyWTtNNDUsggVeoP%2FY6vvgLKRB3c%2B3%2F9Zs9oCGQpoSORUSlQ8qkMb6VZeSZ3X85uDeCndTHJYdvIZxVpplOY1YyOBRZX%2BGtdBOEO2xMJNsJ4VPaDgoXxyT7ubAAH2Fv0zvlLDxyyav5hpUseD6AZUYyTLuNH14LxOd9YglnhQBVo4s8OeUuYlrDTm%2BWCRaOM1R6q0jdrkerbydO9AixFa0lM7v3qHdV6D%2BaaIzy%2BvdIlUrv%2FUIm3dpN3Izlt1DgN7QTxhi%2FQbgxS8CyD1ww%3D%3D",
"message": ""
}

When I try to do the same in a webpage, the response from the second API is always false, no matter what's inside the captcha parameter for the second endpoint.

{
"result": false,
"token": "",
"message": null
}

Here's the codepen that implements what I have done in my webpage: https://codepen.io/tidabliu/pen/BaOMEOL

HTML

<!DOCTYPE html>
<html>
  <head>
  </head>
  <body>
    <div>
      <img id="captcha-img" src="">
    </div>
    <div>
      <label for="captcha-input">Insert captcha:</label>
      <input id="captcha-input" name="captcha-input" type="text">
      <div id="submit-captcha" class="btn">Check</div>
    </div>
  </body>
</html>

JavaScript

$(document).ready(function() {
  var token = '';
  // Load the captcha image from the external endpoint
  $('#captcha-img').attr('src', 'https://geoportale.cartografia.agenziaentrate.gov.it/age-inspire/srv/ita/Captcha?type=image&lang=it');

  $('#submit-captcha').click(function() {
    var captchaValue = $('#captcha-input').val();

    if (captchaValue == '') {
      alert('Insert captcha.');
      return;
    }
    // Send the typed answer (URL-encoded) to the check endpoint
    $.get("https://geoportale.cartografia.agenziaentrate.gov.it/age-inspire/srv/ita/Captcha?type=check&captcha=" + encodeURIComponent(captchaValue), function(response) {
      // result is a JSON boolean, so compare against true, not the string 'true'
      if (response.result === true) {
        token = response.token;
        alert(token);
      } else {
        alert('Inserted Captcha is not correct.');
        return;
      }
    });
  });
});

Since I am able to retrieve the token using Postman, I am guessing that something Postman does (maybe implicitly) is missing in my implementation, but I cannot figure out what it is.

EDIT: Seems like it has something to do with cookies, since removing the JSESSIONID cookie from Postman before doing the second call always results in a failure.

m.piras
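The cookie dependence noted in the EDIT can be reproduced offline with a small model; this is an added example, not code from the post or from the service. It assumes the server stores the expected answer under the session named by the JSESSIONID cookie; the server logic, answers and token are constructed.

```javascript
// Added example: in-memory model of a CAPTCHA service that binds the challenge
// to a session cookie. JSESSIONID is the cookie named in the post; the server
// logic, answers and token below are constructed assumptions.
function makeCaptchaServer() {
  const sessions = new Map(); // session id -> answer awaiting a check (or null)
  let counter = 0;
  return function handle(query, cookieHeader) {
    const m = /(?:^|;\s*)JSESSIONID=([^;]+)/.exec(cookieHeader || '');
    let sid = m && sessions.has(m[1]) ? m[1] : null;
    const headers = {};
    if (sid === null) { // no known cookie: the server opens a fresh session
      sid = 'sess-' + (++counter);
      sessions.set(sid, null);
      headers['Set-Cookie'] = 'JSESSIONID=' + sid;
    }
    if (query.type === 'image') {
      const answer = 'text-' + sid; // what the image would display
      sessions.set(sid, answer);
      return { headers, body: { shows: answer } };
    }
    // type=check: compare against the answer stored for THIS session only
    const expected = sessions.get(sid);
    sessions.set(sid, null); // single use, so a solved challenge cannot be replayed
    const ok = expected !== null && query.captcha === expected;
    return { headers, body: { result: ok, token: ok ? 'constructed-token' : '', message: ok ? '' : null } };
  };
}

// keepCookies=true models Postman's cookie jar; false models a client whose
// second request carries no Cookie header.
function solveCaptcha(server, keepCookies) {
  let jar = '';
  const send = (query) => {
    const res = server(query, keepCookies ? jar : '');
    if (keepCookies && res.headers['Set-Cookie']) jar = res.headers['Set-Cookie'];
    return res.body;
  };
  const shown = send({ type: 'image' }).shows; // the user reads the image
  return send({ type: 'check', captcha: shown });
}

console.log(solveCaptcha(makeCaptchaServer(), true));  // correct answer, same session
console.log(solveCaptcha(makeCaptchaServer(), false)); // correct answer, new session
```

In a browser, a cross-origin `$.get` sends no cookies unless the request sets `withCredentials` and the server's CORS response allows credentials for the calling origin.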