fix: address PR review comments

BenjaminMichaelis · BenjaminMichaelis · commit 5aa11e8517a1 · 2026-05-16T21:26:30.000-07:00
- Fix misleading log message: 'failing open' -&gt; 'failing closed (503)' in
  LogCaptchaServiceUnavailable (hCaptcha unavailable returns 503, not open)
- Remove dead ArgumentException/FormatException catch blocks from sitemap
  validation; EnsureSitemapHealthy only throws InvalidOperationException
- Remove duplicate top-level ForwardedHeaders section from appsettings.json
  (two keys at the same path; keep the one with both TrustedProxyCidrs and
  TrustedProxies)
- Fix captcha challenge timeout: start 90s timer after widget is ready, not
  before — previously script-load time ate into the challenge window; also
  increases from 15s to 90s to accommodate interactive challenges
diff --git a/EssentialCSharp.Web/Controllers/ChatController.cs b/EssentialCSharp.Web/Controllers/ChatController.cs
@@ -290,7 +290,7 @@ public async Task StreamMessage([FromBody] ChatMessageRequest request, Cancellat
         }
     }
 
-    [LoggerMessage(Level = LogLevel.Warning, Message = "hCaptcha service unavailable during chat request — failing open")]
+    [LoggerMessage(Level = LogLevel.Warning, Message = "hCaptcha service unavailable during chat request — failing closed (503)")]
     private static partial void LogCaptchaServiceUnavailable(ILogger<ChatController> logger);
 
     [LoggerMessage(Level = LogLevel.Warning, Message = "hCaptcha validation failed for chat request — error codes: {ErrorCodes}")]
diff --git a/EssentialCSharp.Web/Program.cs b/EssentialCSharp.Web/Program.cs
@@ -616,16 +616,6 @@ await McpJsonRpcResponseWriter.WriteErrorAsync(
             LogSitemapValidationFailed(logger, ex);
             // Continue startup even if sitemap validation fails
         }
-        catch (ArgumentException ex)
-        {
-            LogSitemapValidationFailed(logger, ex);
-            // Continue startup even if sitemap validation fails
-        }
-        catch (FormatException ex)
-        {
-            LogSitemapValidationFailed(logger, ex);
-            // Continue startup even if sitemap validation fails
-        }
 
         app.Run();
     }
diff --git a/EssentialCSharp.Web/appsettings.json b/EssentialCSharp.Web/appsettings.json
@@ -2,9 +2,6 @@
   "ConnectionStrings": {
     "PostgresVectorStore": "your-postgres-connection-string-here"
   },
-  "ForwardedHeaders": {
-    "TrustedProxyCidrs": []
-  },
   "Logging": {
     "LogLevel": {
       "Default": "Warning",
diff --git a/EssentialCSharp.Web/wwwroot/js/chat-module.js b/EssentialCSharp.Web/wwwroot/js/chat-module.js
@@ -20,7 +20,7 @@ let captchaTokenResolve = null;
 let captchaTokenReject = null;
 let captchaPending = false; // prevents concurrent token requests overwriting promise callbacks
 let captchaRequestGeneration = 0;
-const CAPTCHA_TIMEOUT_MS = 15_000;
+const CAPTCHA_TIMEOUT_MS = 90_000;
 
 // Resolves once the widget has rendered. getCaptchaToken() awaits this so a user who
 // submits before hCaptcha finishes loading waits (up to 15 s) rather than getting a 403.
@@ -68,49 +68,54 @@ function initCaptchaWidget() {
  * Returns a fresh hCaptcha token, or null if captcha is not configured.
  * Waits for the widget to finish rendering if it has not yet (handles slow script loads).
  * Rejects with 'captcha-concurrent' if a token request is already in-flight.
- * Rejects with 'captcha-timeout' if the widget does not respond within 15 seconds.
+ * Rejects with 'captcha-timeout' if the challenge does not complete within 90 seconds
+ * after the widget is ready (the timer starts after widget load, not before).
  */
 function getCaptchaToken() {
     if (!captchaSiteKey) return Promise.resolve(null);
     if (captchaPending) return Promise.reject(new Error('captcha-concurrent'));
     captchaPending = true;
     const requestGeneration = ++captchaRequestGeneration;
 
-    let timeoutId;
-
     // Chain onto captchaWidgetReady so calls made before the widget finishes loading
     // wait rather than immediately returning null and causing a 403.
-    const tokenPromise = captchaWidgetReady.then(() => new Promise((resolve, reject) => {
+    // The challenge timeout starts only after the widget is ready so script-load time
+    // does not eat into the window available for completing an interactive challenge.
+    return captchaWidgetReady.then(() => {
         if (requestGeneration !== captchaRequestGeneration) {
-            reject(new Error('captcha-stale'));
-            return;
-        }
-        captchaTokenResolve = (token) => {
-            captchaPending = false;
-            clearTimeout(timeoutId); // cancel lingering timer so it can't corrupt the next call
-            resolve(token);
-        };
-        captchaTokenReject  = (err) => {
             captchaPending = false;
-            clearTimeout(timeoutId);
-            reject(err);
-        };
-        window.hcaptcha.execute(captchaWidgetId);
-    }));
-
-    const timeoutPromise = new Promise((_, reject) => {
-        // timeoutId is assigned synchronously here, before captchaTokenResolve can fire
-        timeoutId = setTimeout(() => {
-            if (requestGeneration !== captchaRequestGeneration) return;
-            captchaRequestGeneration++;
-            captchaPending = false;
-            captchaTokenResolve = null;
-            captchaTokenReject  = null;
-            reject(new Error('captcha-timeout'));
-        }, CAPTCHA_TIMEOUT_MS);
-    });
+            return Promise.reject(new Error('captcha-stale'));
+        }
+
+        let timeoutId;
 
-    return Promise.race([tokenPromise, timeoutPromise]);
+        const tokenPromise = new Promise((resolve, reject) => {
+            captchaTokenResolve = (token) => {
+                captchaPending = false;
+                clearTimeout(timeoutId); // cancel lingering timer so it can't corrupt the next call
+                resolve(token);
+            };
+            captchaTokenReject  = (err) => {
+                captchaPending = false;
+                clearTimeout(timeoutId);
+                reject(err);
+            };
+            window.hcaptcha.execute(captchaWidgetId);
+        });
+
+        const timeoutPromise = new Promise((_, reject) => {
+            timeoutId = setTimeout(() => {
+                if (requestGeneration !== captchaRequestGeneration) return;
+                captchaRequestGeneration++;
+                captchaPending = false;
+                captchaTokenResolve = null;
+                captchaTokenReject  = null;
+                reject(new Error('captcha-timeout'));
+            }, CAPTCHA_TIMEOUT_MS);
+        });
+
+        return Promise.race([tokenPromise, timeoutPromise]);
+    });
 }
 
 function resetCaptchaWidget() {

Original file line number	Diff line number	Diff line change
`@@ -290,7 +290,7 @@ public async Task StreamMessage([FromBody] ChatMessageRequest request, Cancellat`
`290`	`290`	`}`
`291`	`291`	`}`
`292`	`292`
`293`		`- [LoggerMessage(Level = LogLevel.Warning, Message = "hCaptcha service unavailable during chat request — failing open")]`
	`293`	`+ [LoggerMessage(Level = LogLevel.Warning, Message = "hCaptcha service unavailable during chat request — failing closed (503)")]`
`294`	`294`	`private static partial void LogCaptchaServiceUnavailable(ILogger<ChatController> logger);`
`295`	`295`
`296`	`296`	`[LoggerMessage(Level = LogLevel.Warning, Message = "hCaptcha validation failed for chat request — error codes: {ErrorCodes}")]`