feat(procaptcha-frictionless): record iframe URL alongside top-frame URL#2818
Merged
Conversation
Widget now reports both the top-frame URL and the widget's own iframe URL on frictionless sessions. `currentUrl` remains the top-frame URL (resolution rules unchanged); `iframeUrl` carries the widget's own frame URL when embedded so analytics can distinguish the site-wide iframe endpoint from the page the user was actually on. Both fields are sanitised client- and server-side; only `currentUrl` is gated in the decision machine. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…machines Extends the previous commit: iframeUrl is now available alongside currentUrl on RoutingMachineRawSignals (route + postPow + dedup replay paths) and on the frictionless decision machine input, so a machine can key on the distinction between the widget's own frame URL and the top-frame URL. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
At session-creation time, derive a boolean `isProtect` from the (currentUrl,
iframeUrl) pair — true when the widget iframe was served from
`protect.<tenant>` and embedded in a page on the same tenant. New
`isProtectDeployment` helper in `@prosopo/util` does the check with strict
dot-boundary matching (rejects `attackerclient.com` vs `protect.client.com`)
and is case-insensitive.
Persisted only when true (matches the `isEscalation` pattern); a sparse
`{isProtect, createdAt}` index on the session collection makes retrieval by
boolean cheap. Post-PoW escalation sessions inherit the flag from the
origin session.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Auto-fix from `biome check --write` — CI biome lint was failing on line-wrap style in the new isProtectDeployment tests. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
currentUrl(top-frame URL — same resolution rules as before) andiframeUrl(widget's own frame URL when embedded,undefinedwhen the widget IS the top frame).Sessionrecord and forwards them onto post-PoW escalation sessions.currentUrlis gated in the decision machine — unchanged.iframeUrlis recorded for analytics so we can distinguish "Protect's site-wide iframe endpoint" from "the page the user was actually on".Follow-up to #2813, which resolved
currentUrlto the top frame but dropped the iframe URL — this restores the iframe URL as a separate field rather than replacing one with the other.Test plan
currentUrl, iframe URL asiframeUrl).currentUrland iframe URL asiframeUrl.currentUrlonly (noiframeUrl).🤖 Generated with Claude Code