ReCaptcha v3 not working anymore

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
fanmail
Registered User
Posts: 271
Joined: Fri Mar 18, 2005 2:33 pm

Re: ReCaptcha v3 not working anymore

Post by fanmail »

Looks like reCAPTCHA has simply been turned off on the site at this point, when checking again just now.
I temporally removed the ReCapcha :)

Any idea? ;)
User avatar
ssl
Registered User
Posts: 581
Joined: Sat Feb 08, 2020 2:15 pm
Location: France
Name: Fred
Contact:

Re: ReCaptcha v3 not working anymore

Post by ssl »

Hi
As already said I am thinking of a problem with the configuration of reCAPTCHA
Sorry for my English ... I do my best!

phpBB version: 3.3.3
php version: 8.0.2
fanmail
Registered User
Posts: 271
Joined: Fri Mar 18, 2005 2:33 pm

Re: ReCaptcha v3 not working anymore

Post by fanmail »

:geek: ?
User avatar
ssl
Registered User
Posts: 581
Joined: Sat Feb 08, 2020 2:15 pm
Location: France
Name: Fred
Contact:

Re: ReCaptcha v3 not working anymore

Post by ssl »

Yes it is a question that I ask myself aloud in fact.
What can make reCAPTACHA v3 work on one forum in version 3.3.1 and not on another?
On my forum everything is OK, on yours not.
Sorry for my English ... I do my best!

phpBB version: 3.3.3
php version: 8.0.2
User avatar
EA117
Registered User
Posts: 2061
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: ReCaptcha v3 not working anymore

Post by EA117 »

What is the premise here: Were your Google reCAPTCHA v3 keys working when entered into the reCAPTCHA v2 Invisible plugin of phpBB 3.3.0? And now that you've updated to phpBB 3.3.1 and its actual reCAPTCHA v3 plug-in, those same reCAPTCHA v3 keys do not work?

Or were your reCAPTCHA v3 keys working even after you upgraded to phpBB 3.3.1, but at some later point have now stopped working?

The API keys you get from Google are the main "configuration" aspect possible here. If you're still using reCAPTCHA v2 Invisible keys from phpBB 3.3.0, this would certainly be an unusual way for Google to be responding to an "incorrect API key" scenario. But is something you can verify or perhaps already know isn't actually the case.

I've never had to use the "Request domain:" option in the reCAPTCHA v3 plug-in, which exists in case the ability to connect to google.com is blocked. I don't expect you have that issue with where your server is located, but perhaps try reversing the state of whatever "Request domain:" is currently set to, to rule out or affirm whether this has any bearing on the symptom.
User avatar
MarkDHamill
Registered User
Posts: 4366
Joined: Fri Aug 02, 2002 12:36 am
Location: Florence, MA USA
Contact:

Re: ReCaptcha v3 not working anymore

Post by MarkDHamill »

I encountered this issue with a client. It seems that when using http and calling https, it introduced a cross-site scripting issue. The solution was to install a security certificate and force HTTPS by adding some code in the board's .htaccess file. I also changed the server settings to create https URLs and to use port 443.
Last edited by MarkDHamill on Fri Oct 02, 2020 11:12 pm, edited 1 time in total.
Need phpBB services or a phpBB consultant? I offer most phpBB services. Getting lost managing phpBB? Buy my book, Mastering phpBB Administration. eBook and paper versions available.
User avatar
EA117
Registered User
Posts: 2061
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: ReCaptcha v3 not working anymore

Post by EA117 »

Interesting, Mark. Thanks for calling that out. Using reCAPTCHA on an HTTP-only site hasn't been an issue in the past, so maybe we need to cast an eye over the Invisible & later v3 support to make sure some kind of dependency wasn't introduced unintentionally. Hmmm, I know I even used the v3 support on a local HTTP-only site when MrGoldy was working on the implementation, and didn't see this kind of fundamental failure.

Maybe identification of the involved web browser is important? Since "cross-site" or "cross security zone" would be a client-determined condition. e.g. We're not talking about an HTTPS connection made by the server-side /vendor/google/recaptcha/src/ReCaptcha/ReCaptcha.php versus the non-HHTPS client connection to the server. More like an HTTPS AJAX or other connection made by Google's Javascript on the client, versus the otherwise non-HTTP client connection to the phpBB server.

Will be interesting to see what we can figure out or duplicate on that.
User avatar
MarkDHamill
Registered User
Posts: 4366
Joined: Fri Aug 02, 2002 12:36 am
Location: Florence, MA USA
Contact:

Re: ReCaptcha v3 not working anymore

Post by MarkDHamill »

I added an issue in the tracker about this. Also another related one in that reCaptcha requires allow_url_open to be on, but it won't disable it if it's off.
Need phpBB services or a phpBB consultant? I offer most phpBB services. Getting lost managing phpBB? Buy my book, Mastering phpBB Administration. eBook and paper versions available.
asavage
Registered User
Posts: 37
Joined: Sun Dec 04, 2005 8:50 pm
Location: Duvall, Wash.
Name: Al Savage
Contact:

Re: ReCaptcha v3 not working anymore

Post by asavage »

MarkDHamill wrote:
Fri Oct 02, 2020 6:06 pm
I encountered this issue with a client. It seems that when using http and calling https, it introduced a cross-site scripting issue.
Thanks for posting this. I was going in circles today until you gave me this clue.
Regards,
Al S.
User avatar
Latinus
Registered User
Posts: 171
Joined: Mon Jul 08, 2002 7:25 pm
Location: Fr
Contact:

Re: ReCaptcha v3 not working anymore

Post by Latinus »

MarkDHamill wrote:
Fri Oct 02, 2020 7:57 pm
reCaptcha requires allow_url_open to be on,
this.
User avatar
EA117
Registered User
Posts: 2061
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: ReCaptcha v3 not working anymore

Post by EA117 »

Latinus wrote:
Mon Dec 21, 2020 2:00 pm
reCaptcha requires allow_url_open to be on,
this.
Just for clarity to anyone reading this: The reCAPTCHA v3 plug-in for phpBB 3.3.1 and later will happily work without allow_url_open enabled.

But the default setting for the reCAPTCHA v3 plug-in wants to use "POST" method, which would require allow_url_open to be enabled.

And the problem, for which a phpBB bug now exists, is that when the allow_url_open function is not enabled, the reCAPTCHA v3 plug-in continues to try and default to "POST" anyway.

Visiting the reCATCHA v3 plug-in configuration and choosing one of the other available methods besides "POST" will allow the reCAPTCHA v3 plug-in to succeed, even without allow_url_open enabled.

Future versions of phpBB should not allow the default "POST" method to remain selected during configuration when allow_url_open is not enabled.
User avatar
MarkDHamill
Registered User
Posts: 4366
Joined: Fri Aug 02, 2002 12:36 am
Location: Florence, MA USA
Contact:

Re: ReCaptcha v3 not working anymore

Post by MarkDHamill »

Thanks for the clarification. I wasn't aware a GET request would circumvent the issue.
Need phpBB services or a phpBB consultant? I offer most phpBB services. Getting lost managing phpBB? Buy my book, Mastering phpBB Administration. eBook and paper versions available.
Post Reply

Return to “[3.3.x] Support Forum”