CB antispam captcha issue

Hello

On some iPhone it seems like disabling third party cookies blocks google recaptcha so I switched to Antispam internal code.

But we have an issue with it. The url is served as text/html instead of png at first load of the page and the user needs to refresh the spam code by ajax to display it.

Sometimes we get the error :
cbantispam.min.js?v=208a2b7e79380bd8:1 CB Antispam: Captcha Unable to Load: SyntaxError: Unexpected end of JSON input

the url is :

index.php?option=com_comprofiler&view=pluginclass&plugin=cbantispam&action=captcha&func=image&id=8209945d0726095f63ff99c4522fc285&Itemid=175&format=raw

Is it possible to force the url to display as png in the code and where ?

Maybe another possibility is that we use two domains on the same joomla installation. For instance main website activ-ha.com loads the captcha correctly and cercle.business does not
Do you use a cache somewhere or a domain name ?

Open your browsers developer tools (press F12) then refresh the page and check the Network tab. You can see what the HTTP request response is there. Looks like the URL is unreachable causing the fetch to fail. More than likely it's a CORS problem. Given you said it's only the second domain doing this it's pretty much guaranteed a CORS problem. You need to configure cross domain origin properly on your server if you're going to use 2 domains like that.

In fact both domains are impacted by this behavior after a while.
We have CORS set by admin tools as Let the browser decide. I tried to change it to Explicitly Allowed with no success.

What is strange is that this only affects CB Antispam urls. I also tried to go back to Recaptcha and we get Cookies warning after a while with Recaptcha. It indicates third cookies not accepted though they are. We tested on several devices on the week and and still get the same result.

This is a big issue as it forbids registration of new users

To follow on this, the only solution were to use the default joomla recaptcha plugin within CB antispam and then everything loads fine.

So I think that it's not a CORS setting but an issue with CB antispam which may not send the correct headers or something ?

Works perfectly fine for me in all my tests across 4 different sites. Issue is likely something on your site. You've a service worker running from a 3rd party system plugin that seams to be hijacking requests. Maybe start there by turning that off? Seams to be the following.

/plugins/system/mittpwa/serviceworker.js

Yes the website transforms in a PWA and service worker loads the data
We have no issues with this for now.
That was my first question : it looked like CB Antispam sent urls as text/html while they were image/png, so maybe the service worker does not understand it ?

Further tests with Joomla recaptcha invisible still fails with Cb antispam

I have the error Empty solution not allowed