Advanced Blocking Response (ABR)

While browsing the webpage (and AJAX requests are being sent), a full challenge page render might not be an option. In such cases, using the Advanced Blocking Response (Auto or Custom) returns a JSON object containing all the information needed to render your own Captcha challenge implementation, be it a popup modal, a section on the page, etc.

Auto ABR

Auto-ABR is a key piece in the PerimeterX “no-code” integration. APIs and single page applications have been, and are, becoming more and more common vs. “classic page loads”. “Classic” integrations either don’t cover these or require custom code.

To enable/disable Auto ABR on your application, go to Applications -> Challenge Configuration and set the toggle to “On”/”Off”.

Prerequisites
Auto ABR per application is supported from sensor version 7.6.9 and above.

FAQ

What happens if I enabled Auto ABR but the modal doesn’t trigger?
In case the accept header isn’t set to application/json or if a non-standard block page is configured, please contact your PerimeterX CSE or SA, send us a Slack or email at [email protected] for further information.

Can I disable Auto ABR on a specific path?
Yes. To disable Auto ABR simply add the following assignment within the Sensor’s snippet on the specific path you would like to exclude:

window._pxMonitorAbr = false;

See below the following snippet example for excluding a path:

<script type="text/javascript">
    (function(){
        // Custom parameters
        window._pxMonitorAbr = false;
        var p = document.getElementsByTagName('script')[0],
            s = document.createElement('script');
        s.async = 1;
        s.src = '/IZ/9N17knJ5/init.js';
        p.parentNode.insertBefore(s,p);
    }());
</script>

Advanced Blocking Response

In cases where a custom blocking flow is required (triggering inside a specific page, configuring a custom flow and others), a custom ABR may be required. The Advanced Blocking Response occurs when a request contains the Accept header with the value of application/json. A sample JSON response appears as follows:

{
    "appId": String,
    "jsClientSrc": String,
    "firstPartyEnabled": Boolean,
    "vid": String,
    "uuid": String,
    "hostUrl": String,
    "blockScript": String
}

Once you have the JSON response object, you can pass it to your implementation (with query strings or any other solution) and render the Captcha challenge.
In addition, you can add the _pxOnCaptchaSuccess callback function on the window object of your Captcha page to react according to the Captcha status. For example, when using a modal, you can use this callback to close the modal once the Captcha is successfully solved.

How To Handle ABR?

When using the Advanced Blocking Response feature, you must create a custom challenge section that will display the Human Challenge. In order to display the Human Challenge you must perform the following on your page (be it a full page, an pop-up modal template, etc.):

Step1: Add a div with an id of px-captcha

<div id="px-captcha"></div>

Step 2: Add a script tag with the following parameters

<script>
    window._pxAppId = '<appId>';
    window._pxJsClientSrc = '<jsClientSrc>';
    window._pxFirstPartyEnabled = <firstPartyEnabled>;
    window._pxVid = '<vid>';
    window._pxUuid = '<uuid>';
    window._pxHostUrl = '<hostUrl>';
</script>

📘

Note

All of these parameters can be taken from the JSON response of the Advanced Blocking Response output

Step 3: Include the blockScript script from the Advanced Blocking Response

<script src="<blockScript>"></script>
var script = document.createElement('script');
script.src = getParameterByName('blockScript'); // get the parameter from query string
document.getElementsByTagName('head')[0].appendChild(script);

Step 4: Add the callback function
This function is called when the Captcha is solved successfully or when it is not validated

window._pxOnCaptchaSuccess = function(isValid) {
 // Define logic based on the isValid parameter
}

📘

Note

In some cases upon successful challenge solve, it can be a good idea to include a script in the callback function which recreates the request (or requests) that originally received the ABR in order to ensure the expected page flow.
If no callback function is defined the page will reload upon successful Captcha solve, unless a "url" query-param is included within the page URL, in which case the URL will be changed accordingly instead (see "Post Solve Behavior" section above for more details).


Did this page help you?