From 283146d98d6732326c0f134fa1974caebaf789f4 Mon Sep 17 00:00:00 2001
From: "VL.Y" <1560781+vladimiry@users.noreply.github.com>
Date: Fri, 22 Sep 2023 22:46:27 +0300
Subject: [PATCH] drop "hcaptcha.com" whitelisting as @protonmail switched to own captcha
* ref: #312
* Some info about Proton CAPTCHA is available at https://proton.me/blog/proton-captcha and https://www.reddit.com/r/ProtonMail/comments/16oezw3/introducing_proton_captcha_the_worlds_first/
---
 package.json | 2 +-
 src/electron-main/web-request/index.ts | 14 ++------------
 2 files changed, 3 insertions(+), 13 deletions(-)
diff --git a/package.json b/package.json
index d7d54513..c8246a3d 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "electron-mail",
 "description": "Unofficial ProtonMail Desktop App",
- "version": "5.2.0",
+ "version": "5.2.1",
 "author": "Vladimir Yakovlev ",
 "license": "GPL-3.0",
 "homepage": "https://github.com/vladimiry/ElectronMail",
diff --git a/src/electron-main/web-request/index.ts b/src/electron-main/web-request/index.ts
index c48130d2..b55d5408 100644
--- a/src/electron-main/web-request/index.ts
+++ b/src/electron-main/web-request/index.ts
@@ -97,10 +97,8 @@ export function initWebRequestListenersByAccount(
 const resolveAllowedOrigins = (url: Exclude, null>): readonly string [] => {
 return reduceDuplicateItemsFromArray([
 ...[
- ...[
- ...STATIC_ALLOWED_ORIGINS,
- ...PROTON_API_SUBDOMAINS.map((subdomain) => resolveProtonApiOrigin({accountEntryUrl, subdomain})),
- ],
+ ...STATIC_ALLOWED_ORIGINS,
+ ...PROTON_API_SUBDOMAINS.map((subdomain) => resolveProtonApiOrigin({accountEntryUrl, subdomain})),
 ...(() => {
 // - it has been noticed the at least "fra-storage/zrh-storage/storage" subdomains used by Proton for Drive service
 // - interesting thing is that those subdomains are not hardcoded in the https://github.com/ProtonMail/WebClients code
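Review bot: After the flattening, the list built in `resolveAllowedOrigins` carries no comment saying what it is meant to cover, and the second hunk deletes the comment that explained the one third-party exception. I would add a line above `...STATIC_ALLOWED_ORIGINS,` such as `// allowed origins: static list + per-account Proton API subdomains; the hcaptcha.com exception was dropped with the move to Proton CAPTCHA (#312)`, so the reason survives outside the commit message. Whether every request made by the new CAPTCHA frame falls under origins already in this list cannot be seen from the diff; a miss would presumably surface as a blocked challenge rather than a wider allow-list, but it is worth confirming against a live challenge. The body of `initWebRequestListenersByAccount` starts before and continues after the hunk.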
@@ -117,14 +115,6 @@ export function initWebRequestListenersByAccount(
 );
 return isStorageSubdomain ? [url.origin] : [];
 })(),
- ...(() => {
- // the iframe page generated by /core/v4/captcha?Token=... request at least loads the following stuff:
- // - script: https://hcaptcha.com/1/api.js?onload=loadCaptcha&render=explicit
- // - subFrame: https://newassets.hcaptcha.com/captcha/v1/335f764/static/hcaptcha.html
- // - possibly https://accounts.hcaptcha.com
- // so whitelisting it with subdomains
- return url.origin === "https://hcaptcha.com" || url.origin.endsWith(".hcaptcha.com") ? [url.origin]: [];
- })(),
 ].map(parseUrlOriginWithNullishCheck),
 ]);
 };