Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.
WAF Captcha: Need help due to getting HTTP 400 (Bad request) combined with a message "HTTP method not allowed"
I followed the steps described in this documentation: https://docs.aws.amazon.com/waf/latest/developerguide/waf-js-captcha-api.html
When a user tries to complete a Captcha verification on the JS client, the js script from AWS itself is making a POST request to https://<hidden>.sa-east-1.captcha.awswaf.com/<hidden>/verify, the request fails and get the following response from AWS:
{ "code": 400, "message": "HTTP method not allowed" }
Some response headers that I got
X-Amz-Cf-Pop: GRU3-P3
X-Cache: Error from cloudfront
*I passed all the correct arguments like API key, domain, and double checked the js script URL and they are all correct.
Here is a screenshot of the api key configuration:
The problem is that this error message is not documented at all, and it doesn't give enough information on how to fix the issue. I mean, the 400 status code doesn't even match the error message. That error message should have a 405 status code.
I have no idea of what is going on. My application is not the one making this verify request, Captcha library is the one doing it.
Could someone please help me solving the problem?
- Newest
- Most votes
- Most comments
Update: The issue was actually that we were passing the API key as a list with one string instead of a string. If you have a similar error, please check the encoding and format of your API key.
I still think that the WAF service should return a better error message than that so people don't waste their time on such simple things.
Relevant content
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
