“Verify you are human” loop : report 6,000032

user76512 · April 4, 2025, 10:08am

What is the name of the domain?

What is the issue you’re encountering

I can not access various websites (including my own) due to the infinite “Verify you are human” loop. What steps have you taken to resolve the issue?

What steps have you taken to resolve the issue?

I’ve tried restarting my browser, clearing all cache/cookies/localdata and disabling all addon’s.
Was the site working with SSL prior to adding it to Cloudflare? I have also changed browsers

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

What are the steps to reproduce the issue?

Try to load any website with the verify you are human capatcha with Thorium and end up in an infinite loop.

I actually switched from Thorium to Ungoogled Chromium to test this and upon switching things worked…until today. Today Chromium updated and low and behold I am now stuck in the never ending loop ■■■■ with it as well.

Blocked script execution in ‘about:blank’ because the document’s frame is sandboxed and the ‘allow-scripts’ permission is not set.

v1?ray=91976e121877f5ba&lang=auto:1 Refused to run the JavaScript URL because it violates the following Content Security Policy directive: “script-src ‘nonce-QLeV0Qmiqe01778p’ ‘unsafe-eval’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-…’), or a nonce (‘nonce-…’) is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the ‘unsafe-hashes’ keyword is present.

So on top of the years of people reporting this it looks a tad more fatal than before with security baked in the browser now ensuring there is zero chance you can escape this. More of the web so secure soon no one will be able to use it but the bots…

As a fun extra note this is my SECOND post about this specific time…I’ve posted about this many times over the years. However I am reopening this because some admin came along, IGNORED the fact I said I was/had disabled it on my site listed as the example site. He then said the domain I mentioned as the problem domain wasn’t using Cloudflare and closed the issue. Well Mr. Brainiac the domain is registered, it’s been registered for well over 20 years and it’s still using CF DNS but the security again HAS BEEN DISABLED! I’m so sorry I didn’t just leave myself locked out of my own site for weeks or months until a Cloudflare rep graced me with help. I disabled that ■■■■ because I need to be able to reach and use my sites.

Lili84 · April 8, 2025, 10:43am

Hi

Thank you for reaching out to us. I can see that the feature Bot Fight Mode still active for the zone m0dw3rks.com.

By the errors you’ve reported this looks like the browsers you’re currently using like thorium and ungoogled chromium could be playing a part in this. Have you tried switching to Google Chrome or Mozilla Firefox and check if the error still appears? The errors you’ve reported such as “Blocked script execution in ‘about:blank’ because the document’s frame is sandboxed and the ‘allow-scripts’ permission is not set.” and “Refused to run the JavaScript URL because it violates the following Content Security Policy directive: “script-src ‘nonce-QLeV0Qmiqe01778p’ ‘unsafe-eval’”.” suggest that the security features that you have in those browsers are preventing JavaScript (which is what Bot Fight Mode uses on detection) to run properly. My suggestion is that you change browsers or try disabling the Bot Fight Mode in your dashboard.

Please let us know if you still have questions.

user76512 · April 8, 2025, 2:56pm

In my original post about this I had also linked an article about the author of Palemoon contacting CF about them targeting Palemoon Users. Your suggestions echo that sentiment. Users can only use “Cloudflare Approved” browsers and the choice is not the users. Nor is the choice to have security. This is a tug of war where in either the user has security and no access or has access and no security.

This all points to Cloud Flares methods being problematic. Cloudflare is limiting browser choice, user safety and security and there are more security changes on the horizon that will widen this gap.

As I said in my original post. CF works in -most- Firefox based browsers (I use Waterfox, Mercury and Palemoon) but as another user on that post points out that locks almost every unsavvy Andriod user out. For reference the person there was using stock Chrome on Android with the same loop.

So users must simply forgo any website that uses Cloudflare protections.

As for the bot fight settings they don’t seem to stop squat based on my server logs. Seems the only thing Cloudflare stops is legitimate users these days. The bots squeak bye just fine…

system · April 10, 2025, 2:57pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
"Verify you are human" loop : report 6,000031 Security BR	12	358	April 4, 2025
Near infinite loop of human verification Security	2	21983	February 13, 2024
Infinite loop of Human Verification Security	1	3971	May 20, 2023
Infinite loop of Hunan verification loop Security	3	7483	March 8, 2023
“Verify that you are human” loop Website, Application, Performance	2	1048	August 30, 2024