Hello! We have an API that returns pages for some endpoints, and most submissions and downloads require user to pass Cloudflare turnstile.
Turnstile almost always passes in the regular browser, however, some there are third party integrations that are apps that use a WebView (aka embedded browser) and turnstile almost always returns a failure for those apps.
Is there a documented workaround? This certainly doesn’t seem like desirable behavior.
Hello there,
Here’s the doc says: At the moment, CF does not offer an easy and official way to embed Turnstile in a React Native application.
An HTML page rendered in a WebView can use Turnstile. The page must be loaded from a domain allowed to use the sitekey, either using uri or by specifying the html and baseUrl options.
It IS a WebView. Not react anything. And it’s consistently failing the challenge.
GitHub - Fox2Code/FoxMagiskModuleManager: A module manager for Magisk because the official app dropped support for it our API is embedded in this application. The application renders our content in a pretty standard WebView - and challenges are always failing according to the user reports we’ve been receiving and our testing
I get the same error, did you find a solution to the problem?
Make sure to not send the X-Requested-With header - turnstile will ALWAYS fail in the presence of that header.
We still have extraordinarily large amounts of issues without that though - users reporting the form always says expired or already verified, or the captcha just not rendering