Google reCaptcha v3 not ready when clicking submit - recaptcha

I'm migrating from reCaptchav2 to v3 and I've got some issues I don't know how to solve them.
I put the reCaptcha v3 in the login page, but if the users do login so fast, the captcha is not solved yet (Google has not send the response yet), so my page throws an error as if the captcha was not well solved (as if the user was a bot).
How could I solve this? In version 2, I could wait the checkbox of captcha was checked, but now there isn't a checkbox...
Thanks!

I found a solution.
When I call the Google reCaptcha API, the submit button is disabled meanwhile.
When I get the answer from Google, I enable the button so I can do submit.
I do that cheching to a variable in javascript that will be true when the answer is ready.
Hope this helps.

Related

Google reCAPCTHA v3 should go in every page or not?

I'm migrating from Google reCAPTCHA v2 to v3. As they are quite different, I have a question.
I used to place my reCAPTCHA v2 only inside web pages where a form exists, to make users click and avoid bots. That's understood, ok, but with reCAPTCHA v3 there is NOT a checkbox where to click on (reCAPTCHA v3 analyzes the user behaviour and clicks).
So... should I place the reCAPTCHA v3 just in forms pages or should I place it in all and every pages I have (to make recaptcha observe how the user interacts with the web)?
I would disagree with Galzor’s answer. The documentation says that
The score is based on interactions with your site and enables you to take an appropriate action for your site.
It’s “site” and not page. It goes on to say
reCAPTCHA works best when it has the most context about interactions with your site, which comes from seeing both legitimate and abusive behavior. For this reason, we recommend including reCAPTCHA verification on forms or actions as well as in the background of pages for analytics.
To me that last sentence means “every page with analytics on my site” — i.e. every page, whether it has a form on it or not. Which then gives rise to all sorts of privacy concerns, see also here.
Now my question is: what does the “reCAPTCHA verification” refer to? Including the api.js script or executing something or… 🤔
Unfortunately, the docs don’t spell this out clearly.
Addendum
(Feb 2023)
I switched to hCaptcha and their docs are also somewhat unclear. However, their customer service responded with
You should add the script and the DOM container with hCaptcha widget only on the contact form page and then call our /siteverify endpoint to validate the user.
and
Same scenario for second case, add it only on the sign up page and if validated within our side the user should be able to log in.
Based on that response I added the CAPTCHA only to the Contact page of my website and to the Sign Up page of the webapp.
Not sure this would also apply to Google’s CAPTCHA, though.
I dont think it should go into every page. mostly the users will find it too intrusive on all pages. in my opinion use it on page with form only.

Newsletter signup for Mailchimp : Recaptcha not showing

Originally I use Mailchimp embed form for newsletter signup.
But it was not reCAPTCHA enabled. It worked well but few hours ago, I noticed large amount of spam signups at Mailchimp.
So I was going to add reCAPTCHA to my form to prevent bots.
I go to the Mailchimp -> Settings -> List name and campaign defaults and I saw the checkbox for reCAPTCHA enabling as below.
Mailchimp Enabling reCAPTCHA
I enabled it. The problem is that I cannot see reCAPTCHA box on the form. And I tested with several fake data and
the result is everything worked well as before.
Could anybody help me? Where am I wrong?
We started getting spam signups as well. It turns out the reason for that is that Mailchimp turned off double opt-in a few weeks ago. So I turned it back on and the spam signups stopped.
I would rather use reCaptcha than double opt-in but like you cannot get reCaptcha to work.

([facebook-analytics])-Track other pages in the website using Facebook Analytics

I have a website maybe is www.jaminebaker.com and there is a feedback page and a article page. In my article page, there is also a share button to Facebook. Can I check whether is it possible for Facebook Analytics to trace whether did I click on the feedback page also ? I know that I can track the Facebook share.
Thanks.
Yes, this is totally possible. If you're using Facebook Pixel, check this out. If you're using the Facebook Analytics JS SDK, check this out.

The new Google Invisible reCaptcha - invisible or not?

Google announced Invisible ReCAPTCHA is coming soon. For now, if you want to integrate the new reCAPTCHA to your site or app you can register here.
I do have 2 site keys whitelisted for the new Invisible reCaptcha and I've started "playing" with their examples: see them here https://developers.google.com/recaptcha/docs/invisible
Yes, when the page loads the recaptcha is invisible but when the form is submitted the recaptcha challenge appears all the time. You have to click on images, draw something around something else... etc
I've been testing this on different servers, 2 different sites which have the site key approved to use the Invisible reCaptcha, with different browsers form different locations. Same behavior: Google shows the challenge when the form is submitted on all 3 examples they have on their page.
Is this what we should expect?
Just as with the checkbox, if it can't reliably determine if you aren't a bot, you get a challenge. I can confirm that the invisible part does work when you are detected as a human.
Actually you have to approve the Terms of Service when you create a new reCAPTCHA site, that says that
You agree to explicitly inform visitors to your site that you have implemented the Invisible reCAPTCHA on your site and that their use of the Invisible reCAPTCHA is subject to the Google Privacy Policy and Terms of Use.

Google Calendar event buttons -- Mobile version

I've created a mobile site that displays events retrieved from a Google Calendar. I would like to display a button on each event that allows the user to add the event to their own Google Calendar.
Google Calendar provides a simple way to do this with HTML snippets:
(http://www.google.com/googlecalendar/event_publisher_guide_detail.html)
The url takes parameters so that you can populate the add event form. Here's an example:
https://www.google.com/calendar/render?action=TEMPLATE&text=Brunch+at+Java+Cafe&dates=20060415T180000Z/20060415T190000Z&location=Java+Cafe,+San+Francisco,+CA&details=Try+our+Saturday+brunch+special:%3Cbr%3E%3Cbr%3EFrench+toast+with+fresh+fruit%3Cbr%3E%3Cbr%3EYum!&trp;=true&sprop;=+website:http://www.javacafebrunches.com&sprop;=name:Jave+Cafe&gsessionid=OK&sf=true&output=xml
Unfortunately I can't find a mobile equivalent of this page. If you go to the page with Android, it asks if you want to use the mobile version, but because there isn't one, it repeatedly displays the dialog until you finally cancel the dialog.
Does anyone know of a mobile version of this page, or suggest another way to do it? (Ideally without AJAX as it's causing some offline caching issues on iPhone in app mode).
I've been doing some research on this myself and I've come close, but I'm not 100% there yet. Here's a sample URL of a mobile "share event" link:
http://www.google.com/calendar/gp#~calendar:view=e&bm=1&action=TEMPLATE&text=Halloween+Party+2011&dates=20111101/20111202&details=Description&location=Millennial+Media&trp=false
It opens up the mobile version of Google Calendar and pre-populates it with details about the event your sharing.
The only problem I've encountered is when you're not already logged into Google Calendar. It takes you to the log in page, which is fine, but then after you log in it takes you to the home screen instead of the event entry page.
If you find or already found an answer to this, let me know.
~ TJ

Resources