Anyone knows a solution that works without js?

ximm · 2025-05-02T13:20:12 1746192012

Client must provide a proof-of-work. There is no standard for that, so the only way is to implement the client-side code in javascript.

It would be great if there was a standard for that so that all kinds of clients knew how to provide a proof of work, e.g. like this:

  WWW-Authenticate: Proof-Of-Work difficulty=5 challenge=XYZ
  Authorization: Proof-Of-Work abc

Where sha256(abcXYZ) would have to start with at least 5 zeros.

some_furry · 2025-05-02T18:56:58 1746212218

Write an RFC draft, toss it at the IETF.

Seriously.

dfawcus · 2025-05-03T11:54:25 1746273265

Then have the server error response vend the Anubis JS as a fallback?

prmoustache · 2025-05-02T16:09:00 1746202140

I was thinking about adding a link to a page that is hidden in a one pixel image and same color as the page background. hiting it would mean a rule would be added on the firewall to ban that ip for a few weeks.

The only is issue I can think of is there may be browsers or browser extensions that preload links to show thumbnails and users might be banned without knowing why.

GoblinSlayer · 2025-05-02T15:05:25 1746198325

https://github.com/vaxerski/checkpoint