BTT 4.157 (2371)
First of all, fantastic software, I'm a long-time user and fan.
I set up a gesture that opens a small floating WebView with ChatGPT so I can quickly pull it up and ask questions. I use this constantly, love it.
I've wanted to try other LLM sites, though - Claude (claude.ai), Grok (grok.com), and DeepSeek (chat.deepseek.com). These all use Cloudflare to do some kind of human detection captcha. In a regular browser you click "I am a human" and it moves on, but the floating WebView seems to get stuck in an infinite loop on this stage for all those sites, so unfortunately they cannot be used.
strange, working fine here. In which country are you located?
I reported the same issue before. In my case it is deepseek that captcha can not pass and stuck in infinite loop.
I'm in the US (New Mexico). I've tried using a US-based VPN (Nord), no VPN, also tried using my cell phone as a hot spot - all produce the infinite captcha loop.
(Note grok.com only shows the captcha if you actually submit a query)
I am having the same problem.
Maybe it was because BTT's webview did not support popup windows. This is now supported in 5.228. If that doesn't help, try to set a custom user agent (best use your Safari Browser's user agent https://www.whatismybrowser.com/detect/what-is-my-user-agent/
I updated to 5.231 and filled the user agent as you said but it is giving the same error
unfortunately then I have no idea ;-( I tried all of these sites on multiple machines, but can use them fine here.
If anybody knows why cloudflare would block for some users, that would be very interesting!
Maybe you could try right-clicking the webview and choosing „inspect“ and check whether there are any errors in the logs
I'm not sure Cloudflare is blocking me necessarily - I get the captcha with a regular browser (same connections/machine), but no infinite loop.
If you have a VPN, I wonder if enabling might cause it to show the captcha for you.
The inspect console output I'm seeing looks something like:
[Error] Failed to load resource: the server responded with a status of 403 () (sign-up, line 0)
[Error] Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
[Error] Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
[Error] Blocked a frame with origin "https://challenges.cloudflare.com" from accessing a frame with origin "https://accounts.x.ai". Protocols, domains, and ports must match.
[Error] Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
[Warning] window.styleMedia is a deprecated draft version of window.matchMedia API, and it will be removed in the future. (x2)
[Log] Request for the Private Access Token challenge. (v1, line 1)
[Log] The next request for the Private Access Token challenge may return a 401 and show a warning in console. (v1, line 1)
[Error] Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
[Error] Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
[Error] Refused to execute a script because its hash or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (auto, line 1, x2)
[Error] Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
[Error] Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
[Error] Refused to execute a script because its hash or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (auto, line 1, x2)
I was able to reproduce the issue with a VPN!
I think I found what is causing this and fixed it in 5.232 (uploading)
Just in case some other developer hits this issue and comes here via Google:
It is very strange, but apparently the cloudflare fingerprinting / bot check fails if the console.log output is written to the system console via WKWebView's _logsPageMessagesToSystemConsoleEnabled. Once I disabled this, the bot check seems to work correctly.
BetterTouchTool used this to allow users to see the log message without debugging the webview, but it's not an important feature so I have disabled it now.
2 Likes
Nice, that's awesome! Thanks!
Have you already tried whether it works for you? (I wouldn't be surprised if there was more location specific finger printing)
Hm looks like the issue is still happening - I'm on BTT 5.233 (2025022513) now with a user agent from my browser.
;-( They really seem to be checking different things in different locations.
Maybe I can add a mode without any custom settings.
Just to be sure is your browser Safari? (Only Safari User agent can be used, Chrome etc. would not work)
This is the one I'm using on macOS 15.3.1:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15
Ah good catch, it looks they're all working now with the Safari user agent! (I was using one from Chrome before)
1 Like
I tried before with chrome and safari user agents, none worked. Now after this new update it worked, so it was your update that fixed it, thank you!!
1 Like
