I plan to use Google's invisible recaptcha to make sure bots don't sign up on my website. I think I followed all the instructions, but I want to test it to make sure it works and see how it looks. But I'm a human, so it just lets me click with no problems. Is there a way to make the invisible recaptcha think I'm a bot so I can test that experience on my site?
Try accessing your website through Tor. If you try using Google Search through Tor it will continuously offer you a reCAPTCHA, because bots are often using the IP addresses associated with Tor and Google knows this. I imagine it will work for your website as well.
Related
Our customer service is an important user of our website. When doing their work they frequently send requests to the part of our website that is protected by invisible reCaptcha (v2). For that reason I think their actions are being marked as suspicion by reCaptcha and they keep getting the reCaptcha where you need to select photo's with a certain image, this makes their work has become quite a bit more time consuming. Is their a solution for this? Perhaps by whitelisting our IP so traffic from our IP will never be suspicious, and the reCaptcha with the images will not show?
I couldn't find the answer in the documentation so hope that someone can help!
My site is using Google reCAPTCHA control but I am hearing its being block in
China, Is there anyway around this I see there is some people reporting that changing the API to https://www.recaptcha.net works in China?
Anyone try this because I see it still going out to google?
string apiUrl = "https://www.recaptcha.net/recaptcha/api/siteverify?secret={0}&response={1}";
As google says in his assistance page, you should use this domain "www.recaptcha.net" instead "www.google.com" on the api call.
First, replace src="https://www.google.com/recaptcha/api.js" with
src="https://www.recaptcha.net/recaptcha/api.js"
After that, apply the same to everywhere else that uses "www.google.com/recaptcha/" on your site.
Obtained from: https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally
Edit: to clarify on some of the comments, while if you try it outside of china yes you do get references to gstatic.com but if you try this in china, any references to gstatic.com are replaced with gstatic.cn (don't forget to add it to your SCP). So this solution is still valid.
IMHO, google things are not stable in China as it can be blocked anytime.
From Baidu threads, it also mentioned that sometime google recaptcha works, sometime it doesn't.
https://www.v2ex.com/t/492752 (Chinese)
In programming world ,unstable function means useless or more code for dealing with exception.
If you really need to use google recaptcha,
you would better test properly using VPN (IP in China) first.
Here are some options you can consider,
You can use alternative captcha
Google will tell you various captcha.
Build your own captcha
Open Source Invisible reCAPTCHA alternatives
Use proxy web server(nginx) to send and receive data to or from google recaptcha
I have shared the solution to this problem by using cURL.
https://stackoverflow.com/a/63568516/11910869
cURL acts as a middle man between the client and the server. So even if google.com/recaptcha can not be accessed by the client because it is blocked by the service provider, cURL can act as the proxy to send the HTTP requests and get the response.
I am a beginner trying out api for fun.
The problem is, lets say, I want to write a simple windows program with golang to let my friends read and edit one of the sheets saved on my google drive. How can I do this without having them download a credential file?
What I want it to do is simply redirect them to the Oauth Page right away, and if their email address is one recognized by the app it will grant them access to that google sheet.
What i think you need is to integrate your go app with Oauth protocol.
More specifically, with the Google provider.
This is mainly 3 steps:
add the oauth client to your application
something like this: https://github.com/golang/oauth2
See their docs on how to do it.
go to google dev documentation and see how to integrate google auth flow into the client: https://developers.google.com/identity/protocols/OAuth2
I'm not sure if google has something more specific for google drive integration and/or go-lang client in particular. Please do some searching.
make the glue code on your go app so that the user can interact with this (the login button (or command, if it is terminal based), error messages, logout, etc)
More questions will appear when you start to do this, however it is a great example to learn Oauth as well.
General guidelines:
https all the queries or oauth is basically useless
oatuh has many auth-flows and you must choose which one(s) you support. use whatever google documentation recommends for m2m scenario (machine 2 machine)
log errors so that your friends can send you a log file for you to debug issues
maybe set some feature flag so that you can simply disable this feature to run/test localhost ? maybe useful? you decide.
I've just stumbled onto Google Safe Browsing lookup API and will admit this seems to be a bit above my head, but I still would like to learn how to use it.
I've read through the get-started documentation, but I am still confused on where to actually begin.
I've created an API key to access it, which gave me a link.
I've pasted that link into Google Chrome, and it downloaded a file, which I opened in Google Chrome on my Win 7 machine.
This is where I am stuck, where is the API?
How do I actually paste URL's into the API to see if they are malicious or not?
So, if you're still wondering about this 6 months later an API is a way of interacting with a site not through your browser. You don't need to worry about it if you're using Chrome or Firefox since the browser will do it for you.
However, you know how a website for a bar will have a small google maps box with the map of the area? The application (website) sent a get request to the Google Maps API. The simplest way you do this at home is with your terminal or command line. That's where you would type in the url you're trying to check.
I'm wondering if anyone can help with this.
I'm creating a site for a client using Google Sites (A requirement they set).
One of their requirement is for a contact form to be embedded on the site. I've had a look and there are plenty out there, however, if a user visits from any version of IE the content is not displayed due to the security settings.
All other browsers are functioning fine.
I know the alternative is to simply put a link to an external source, but is not ideal.
My question is threefold fold.
1. Is it possible to write a gadget that will work for IE with non-secure content (if so how)?
2. Are there any HTTPS contact forms out there that I could use?
3. Does anyone have any experience with Google sites and trying to load non-secure content and have any tips?
Thanks
Have you tried JotForm.com? They have the same (free and premium) plans as emailmeform.com. Plus, they have a specific roundabouts to embed your form in Google Sites (they have a gadget made for Google Sites). And yes, JotForm has https url for their forms if you wish to embed it as an iframe.
-- One other solution is resort to using Google Docs form.
Does anyone have any experience with Google sites and trying to load
non-secure content and have any tips? Still awaiting people with
experience....
-- Yes, I have experienced this while trying to put some social media scripts in my Google Sites website and the best thing really was to rid my Sites of those non-secure contents.
For any interested I have kind of answered my questions.
Is it possible to write a gadget that will work for IE with non-secure content (if so how)?
It is possible but you need to have a SSL hosted server.
Are there any HTTPS contact forms out there that I could use?
There are paid solutions for this. Alternatively, write your own html code to post to one of these solutions (free solution is http://www.emailmeform.com/)
Does anyone have any experience with Google sites and trying to load non-secure content and have any tips?
Still awaiting people with experience....