Page 2 of 2
Re: re-captcha 2 or 3 or question captcha
Posted: 17 Jun 2024, 20:00
by cas
Look at the resources function in the main plugin script.
Re: re-captcha 2 or 3 or question captcha
Posted: 17 Jun 2024, 21:39
by durangod
cas wrote: 17 Jun 2024, 20:00
Look at the resources function in the main plugin script.
Yes i saw that on the first day, but that is calling a local file. If the recaptcha js file was local then yeah it would work. But its not local and having it called remotely is the issue, and changing the default src to * even temporary is not a good idea. I was going to copy and paste the js file and use it locally but the first line of their code says "DO NOT COPY AND PASTE THIS CODE" so that idea is a wash.
At the moment i am looking at some suggestions from others with the same issue "its a very common problem" with google recaptcha, and trying those solutions.
Ill be back
thanks
Re: re-captcha 2 or 3 or question captcha
Posted: 18 Jun 2024, 08:31
by cas
so if you use
Code: Select all
<script src="https://www.google.com/recaptcha/api.js"'></script>
you have the same issue?
Re: re-captcha 2 or 3 or question captcha
Posted: 18 Jun 2024, 14:45
by durangod
yes, same issue. Recaptcha is known to have a difficult time with CSP's its the default self that is blocking, Even when i change the default to * it still flaggs it as it may be getting the self value from the browser itself. Also there are two sites that get flaged with that one call. When i disable CSP recaptcha works fine.
'
https://www.gstatic.com');
'
https://www.google.com');
I may have to do a nonce version of the src for the csp add function, and use a trusted site parma with a hash256 value. Im still reading about how to do that.
https://content-security-policy.com/nonce/
here is everything i have tried doing testing..
Code: Select all
//http_csp_add('default-src', "'unsafe-inline' 'unsafe-eval");
//http_csp_add( 'default-src', "'none'" );
//http_csp_add('script-src', "''");
//http_csp_add('script-src', "'none'" );
//http_csp_add('script-src', "'unsafe-inline' 'unsafe-eval' 'google.com/recaptcha/api.js'");
//http_csp_add('script-src', "'unsafe-inline' 'unsafe-eval' 'self'");
//http_csp_add('default-src', '*');
//http_csp_add('style-src', "'unsafe-inline' 'self'");
//http_csp_add('script-src', "'unsafe-inline' 'unsafe-eval' 'self' 'https://www.gstatic.com/'");
//http_csp_add('frame-src', "'unsafe-inline' 'unsafe-eval' 'self' 'https://www.gstatic.com'");
//http_csp_add('script-src', "'unsafe-inline' 'unsafe-eval' 'self' 'https://www.google.com'");
//http_csp_add('frame-src', "'unsafe-inline' 'unsafe-eval' 'self' 'https://www.google.com'");
http_csp_add('script-src', 'https://www.gstatic.com');
http_csp_add('frame-src', 'https://www.gstatic.com');
http_csp_add('script-src', 'https://www.google.com');
http_csp_add('frame-src', 'https://www.google.com');
//dave mod add call to head section
if(is_page_name('signup_page.php') || is_page_name('login_page.php'))
{
// return '<script src="https://www.google.com/recaptcha/api.js" async defer></script>';
// return '<script src="https://www.google.com"></script>';
return '<script src="https://www.google.com/recaptcha/api.js"></script>';
}
Re: re-captcha 2 or 3 or question captcha
Posted: 18 Jun 2024, 17:37
by cas
Well, still question is why do you need the google one?
Re: re-captcha 2 or 3 or question captcha
Posted: 19 Jun 2024, 12:49
by durangod
things are crazy busy here now, ill explain why when i get back to this
Re: re-captcha 2 or 3 or question captcha
Posted: 27 Jun 2024, 23:05
by durangod
Hi, sorry for the delay. Had a roof leak that i had to fix and some family issues i had to take care of.
The reasons i was wanting to add the new captcha are the follow:
1. Since i am new to the script i wanted to see how flexible it was to new ideas.
2. I also wanted to add a anti bot question because its one of the better anti bot methods out there now IMO. And so the first step was to add
this captcha first to see how to do it.
3. I also wanted to be sure that this script was easy to navigate and wanted to learn the user and admin side of it. Breaking it sometimes or solviing problems in my discovery phase is the best way to learn a script.
Anyway that is why i wanted to add this captcha to start with. Seeing as i have bigger plans for the mod it might be better for me to just do my own plugin. Building the plugin from scratch might be the best way for me to do this. I will have to think about what is best for my use of it.
Re: re-captcha 2 or 3 or question captcha
Posted: 01 Jul 2024, 10:49
by durangod
Hello,
After considering what i want to do and how i am going to get there (30,000 foot view of my whole project), i have decided to go a differrent route and go with a different tracking software.
I wanted to thank you for all your quick assistance and your kindness during my discovery process. I would be happy to share with you whatever code i started if you want it regarding the recaptcha. Actually it was pretty much done for the signup the only block was the security policy and it would have worked. If you want the code ill post it just let me know...
Otherwise best of luck and thanks again...
Dave
