Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

"We detected that your site is not verifying reCAPTCHA solutions."

See original GitHub issue

react-google-recaptcha version: 1.1.0 react-async-script version: 1.1.1

This message appears on my Google reCAPTCHA dashboard. As far as I understand, this particular package has no need to define a POST callback for any backend verification.

<ReCAPTCHA
  ref={this.reCaptchaRef}
  size="invisible"
  sitekey={CAPTCHA_SITEKEY}
  onChange={captchaVal => this.handleCaptcha({ captchaVal })}
  onErrored={() => this.handleCaptcha()}
/>

When calling this.reCaptchaRef.current.execute(), all the necessary (non-manipulable) verification is done on the component level, correct? Am I missing something? How do I get rid of this error message?

Thanks!

Issue Analytics

State:
Created 4 years ago
Comments:6 (3 by maintainers)

Top GitHub Comments

6reactions

bogdancsscommented, Jun 16, 2020

just noticed this when integrating this package in our project - as you mentioned, it would be a good idea to mention this somewhere in the README

2reactions

dozoischcommented, Jul 22, 2019

@cneuro you are right about the fact that ReCaptcha itself can’t be spoofed.

The thing is when ReCaptcha is solved and the user submits the form, you do a network request (with fetch or xhr). This network request can be spoofed with something like cURL or any http client. I don’t need to use your UI to interact with your backend.

Given that, I can then spoof a fake value for the token when calling your backend, opening the door to bots.