Issue with Frontend reCaptcha v3

[quangmai911]

Hi all,

I have an issue with the Frontend reCaptcha v3.

When I set it on as define("enableRecaptcha", true); in the config.php in the Frontend folder.

When I put the link and custom link, hit the shorten link, the page is just frozen. It did not go anywhere. I also refreshed the page but it did not help either.

However, when I defined the Recaptcha back to false. Everything works fine.

Is there anyone have the same issue? And how to fix this please? Thanks so much.

Please note: I already tried to reset with the new sitekey and secretkey from Google. But it did not help.

Kind regards,
Quang

[xtremegadgetguy]

I'm getting a slightly different issue. I've set up reCaptcha v3 and set the site key and secret within the config.php file. However, when I try to shorten a URL, I get the following error message on the frontend: Oh no, reCAPTCHA failed!

I'm continuing to dig into it, but can't see anything wrong on the configuration side. Maybe something changed with Google's API and broke Sleeky's code?

[Abd-Ur-Rehman]

It works fine for me as expected, just enabled, and used the v3 keys and secret.

My settings are:

There could be a browser extension conflicting with it. Try in incognito and see if it works. :)

[BOZG]

There could be a browser extension conflicting with it. Try in incognito and see if it works. :)

Tested in various browsers with their incognito mode and still doesn't work.

The usual problem when it comes to annoying little issues like this is Cloudflare blocking something.

[Abd-Ur-Rehman]

@BOZG It works for me you can test it here.

Here's the GIF, I just tested it again.

[BOZG]

It fails for me on your page!

[Abd-Ur-Rehman]

Not sure why BTW I have noticed one new entry.

[BOZG]

That wasn't anything I tested.

[xtremegadgetguy]

Sorry guys, I tested the youtube.com link. It worked just fine for me. I had to disable reCaptcha v3 on my page. It turned out Google is rejecting my posts (returning success of 0). I don't know if it is because my domain is new or what. I did lots of testing with the Sleeky code and all appears to be correct. What I don't understand is why would someone use reCaptcha v3 when it does not challenge back to the user to verify if they are a bot or not. A simple return of success or not isn't working for me at least.

[Omnipos-lab]

The same for me (Oh no, reCAPTCHA failed!), but it seems to be "related to Google", not to YOURLS. I have this issue at my laptop connected via home WiFi and on my iPhone, connected to the same WiFi. But if I switch off WiFi on iPhone - it perfectly works, there is no Captcha issue anymore

[Ralf-AM]

Same problem (Oh no, reCAPTCHA failed!). I tried it with chrome and firefox at normal and incoknito mode - doesn't work at all.

[irrweg]

same for me. could be user related?
Already checked:

• the server logs
• recorded and checked the HTTP Header
• tried with and without CSP (content security policy)
• used vpn and a new Firefox Profile

I already have 2x reCAPTCHAv3 running without issues, and one with reCAPTCHAv2 on the same host but different sites.

how high is the reCAPTCHA threshold set?

I dislike the version 3, it is just annoying, much more compared to selecting the right pictures. Would be great to have an option in the admin panel for v2 or v3.

[irrweg]

After removing all CSP and cleaning the cache. It now works.

[skymoore]

@ploedman can you be more specific about what resolved the issue for you? I'm dealing with this now and for some reason don't even see my site logging anything in the google recaptcha stuff.

Edit: After waiting a few hours, it works fine. I suppose it took just took googles servers a few hours to allow the requests, since I changed nothing and it now works.

[beejaz]

When I dump the $arrResponse from index.php I get message that invalid-input-response which equals "invalid-input-response | The response parameter is invalid or malformed." on recaptcha page. Which makes me believe, for my instance, its something wrong with this block for token field:

grecaptcha.execute('<?php echo recaptchaV3SiteKey ?>', {action: 'shorten_link'}).then(function(token) {
                                        $('#shortenlink').prepend('<input type="hidden" name="token" value="' + token + '">');
                                        $('#shortenlink').prepend('<input type="hidden" name="action" value="shorten_link">');
                                        $('#shortenlink').unbind('submit').submit();
                                });;

[Nung221]

For anyone still with this issue or for those in the future, i've found a solution.

In the index.php (in root dir) the curl response returns nothing. With https://stackoverflow.com/questions/41882120/validate-googles-recaptcha-code-from-php-using-curl i've managed to get the following to work. Comment out or remove the curl POST and everything else should work without alteration.

$postdata = http_build_query(["secret"=>recaptchaV3SecretKey,"response"=>$token]);
$opts = ['http' =>
  [
    'method'  => 'POST',
    'header'  => 'Content-type: application/x-www-form-urlencoded',
    'content' => $postdata
  ]
];
$context  = stream_context_create($opts);
$result = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
$arrResponse = (array) json_decode($result);

[mrlufus]

@Nung221
I've added your code and the recaptcha is working "sometimes". But mostly it will refuse the URL shortening telling me the ReCaptcha failed.

Did anyone got a solution for that. It sucks to be honest.

[mrlufus]

Hey @Nung221, you are watching my Statement. Thanks buddy.

I've got some new input to this topic. By checking for similar sites using Sleeky Frontend, I found https://your.ls/
This site is not having the recaptcha Issue I have. The only Thing I was able to figur out was, that we have different recaptcha script loader

His Is:

<script src="[https://www.recaptcha.net/recaptcha/api.js?render=6Le2GOYgAAAAAOWcIanYqnWCKM7_H7ZDNqBfcoTD](view-source:https://www.recaptcha.net/recaptcha/api.js?render=6Le2GOYgAAAAAOWcIanYqnWCKM7_H7ZDNqBfcoTD)"></script>

My One Is:

<script src="[https://www.google.com/recaptcha/api.js?render=6LcEOJEpAAAAAKmqWlooaJFc5eKZyzFS5sItc0uW](view-source:https://www.google.com/recaptcha/api.js?render=6LcEOJEpAAAAAKmqWlooaJFc5eKZyzFS5sItc0uW)"></script>

You will find the script if you open up the Source Code and go all the way down to the last lines.

[mrlufus]

Following to my previous comment this might be the game changer.
https://wordpress.org/support/topic/use-recaptcha-net-instead-of-google-com-for-recaptcha-v3/

[Nung221]

@mrlufus

My One Is:

<script src="[https://www.google.com/recaptcha/api.js?render=6LcEOJEpAAAAAKmqWlooaJFc5eKZyzFS5sItc0uW](view-source:https://www.google.com/recaptcha/api.js?render=6LcEOJEpAAAAAKmqWlooaJFc5eKZyzFS5sItc0uW)"></script>

You have the same type as I do. I personally have not had any issues with it after I changed to what is in my post.

When did you create your 'site'? I know I had issues with mine for a day (maybe more) after.

[mrlufus]

Fixed It by Creating a new ReCaptcha API Key with a higher limit. 🤦