Comments (5)
Hi, thanks for posting this!
Unfortunately, this is not under component's control (or yours, that being said). The checkbox only shows that Google reCAPTCHA thinks whomever resolved this is not a robot. Yet, you still have to perform a server-side check of the reCAPTCHA response to verify the captcha integrity.
Recaptcha API does not support modifying this behavior. You can find original recaptcha docs here.
from ng-recaptcha.
So what's the best way to handle having to wait for the server to send back a response? Seems weird that we would have to disable submit button until we get a response back.
from ng-recaptcha.
It's supposed that you submit the captcha response along with the values, e.g. for a login form the payload would be:
{
"username": "...",
"password": "...",
"captcha": "..."
}
Otherwise if your endpoint /XXX
only supports { username, password }
input - captcha is not really doing anything (since one could simply submit to /XXX
directly without having to solve the captcha).
Bottomline: captcha response should be submitted along with the values it is protecting
from ng-recaptcha.
Ah okay. Thanks for the response. We are only using client-side validation, which is why this is an issue for us. Appreciate the help though.
from ng-recaptcha.
This reCAPTCHA usage is concerning at the very least - as the docs state
The secret authorizes communication between your application backend and the reCAPTCHA server to verify the user's response. The secret needs to be kept safe for security purposes.
(emphasis added by me). So it's two options here - either you're not using "secret" key or you store it on the client-side. In first scenario you might as well omit the captcha altogether - your "good" users are only suffering from it, while the bad guys would just bypass it. The second scenario is pretty much the same.
I would strongly encourage you to investigate further into this matter
from ng-recaptcha.
Related Issues (20)
- ng-recaptcha _502-gateway issue HOT 1
- Angular v16 support HOT 10
- Getting accessibility issue using JAWS screen reader when using recaptcha v2 sitekey HOT 6
- There is no way to know if a user pressed escape on the puzzle HOT 1
- What is the recommended way to load recaptcha when site key comes from back-end HOT 4
- Invalid site key or not loaded in api.js HOT 2
- Invisible using overloaded submit loses token and doesn't recover HOT 3
- Help!!!
- No way to make v3 invisible HOT 2
- Add support for Trusted Types HOT 1
- Cannot vertically scroll images in recaptcha on mobile popup HOT 1
- Can't bind to 'siteKey' since it isn't a known property of 're-captcha' HOT 3
- Feature Request Support for WAF HOT 1
- Standard Angular Standalone app giving NullInjectionError: R3InjectorError error HOT 2
- Upgrade to Angular 17? HOT 6
- Angular v17 Support HOT 1
- How to handle errors on older Angular and ng-recaptcha versions
- Issue with Recaptcha Loading
- Chrome Issue: recaptcha Reading cookie in cross-site context will be blocked in future Chrome versions
- Angular 18 Support HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ng-recaptcha.