a885499d72f17dc8e16c629312a9b194aad7fc88
braney
  Fri May 30 12:05:41 2025 -0700
let individual sandboxs opt out of captcha

diff --git src/hg/lib/cart.c src/hg/lib/cart.c
index 471adae1e1e..efc59629192 100644
--- src/hg/lib/cart.c
+++ src/hg/lib/cart.c
@@ -1540,31 +1540,31 @@
     puts("</script>");
     puts("</head><body>");
     puts("<style>body, h1, h2, h3, h4, h5, h6  { font-family: Helvetica, Arial, sans-serif; }</style>\n");
     puts("<h4>The Genome Browser is protecting itself from bots. This will just take a few seconds.</h4>");
     puts("<small>If you are a bot and were made for a research project, please contact us by email.</small>");
     puts("<script src='https://challenges.cloudflare.com/turnstile/v0/api.js?onload=showWidget' async defer></script>");
     puts("<div id='myWidget'></div>");
     puts("</body></html>");
     sqlCleanupAll(); // we are wondering about hanging connections, so just in case, close them.
     exit(0);
 }
 
 void forceUserIdOrCaptcha(struct cart* cart, char *userId, boolean userIdFound, boolean fromCommandLine)
 /* print captcha is user did not sent a valid hguid cookie or a valid cloudflare token. Always allow rtracklayer. */
 {
-if (fromCommandLine || !cfgOption(CLOUDFLARESITEKEY))
+if (fromCommandLine || isEmpty(cfgOption(CLOUDFLARESITEKEY)))
     return;
 
 if (!cfgOption("blockRtracklayer") && sameOk(cgiUserAgent(), "rtracklayer"))
     return;
 
 // so QA can add a user agent after release, in case someone complains
 char *okUserAgent = cfgOption("okUserAgent");
 if (okUserAgent && sameOk(cgiUserAgent(), okUserAgent))
     return;
 
 if (userId && userIdFound)
     return;
 
 char *token = cgiOptionalString("token");