Jump to content

Google reCaptcha Problems


Frank Auffret

Recommended Posts

We are assuming you are also using CubeCart 6.2.2 with that version of the Foundation skin.

For CC622, everything is coded properly.

I did read somewhere that keys for Invisible only work on Invisible implementation, but keys obtained for V2 work for both V2 and Invisible.

Do forms get POSTed? Using your browser's Developer Tools, you will see on the Network tab the POST event*. Highlighting the POST event, the panel should then show what was POSTed.

* It seems that in Firefox, POST events do not get placed in the Network event list unless there is a response. So, if the POST is actually not happening, the Console Log may show why.

Link to comment
Share on other sites

9 hours ago, bsmither said:

I did read somewhere that keys for Invisible only work on Invisible implementation, but keys obtained for V2 work for both V2 and Invisible.

It is the other way around.  Invisible keys work for Invisible and "I am not a Robot" (formally called V2) but not the other way around.  So always better to get and use Invisible keys regardless of which method people want to use.

Link to comment
Share on other sites

Did a test nothing arrived from the contact form submission

Here's a snippet of the response code

index.php?_a=contact
Request URL: http://www.petiteshowers.co.uk/index.php?_a=contact
Request Method: POST
Status Code: 302 Moved Temporarily
Remote Address: XXXXXXXXXXXXX
Referrer Policy: no-referrer-when-downgrade
HTTP/1.1 302 Moved Temporarily
Date: Thu, 31 Jan 2019 16:02:57 GMT
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.5.38-1~dotdeb+7.1
X-Frame-Options: SAMEORIGIN

I also tried to test the store but with Invisible turned on  the Checkout button didn't work either.

Does the store need to be using SSL (https://) for validation to work?

Successful test with invisible off

Link to comment
Share on other sites

That looks like the correct headers for a POST response, but I do not see the Location header telling the browser where to go for the 302 bounce.

Also, we might want to find the POST/request payload. You might find that on a Params tab in the details pane.

Look at CubeCart's System Error Log (admin, Error Log, System Error Log tab). See if there are any messages of interest.

Link to comment
Share on other sites

Hmm looks like Google reCaptcha only works under https://
from the Google documentation:
"The script must be loaded using the HTTPS protocol and can be included from any point on the page without restriction."
This, in effect, means Cubecart doesn't offer contact form validation unless SSL is enabled. 

Link to comment
Share on other sites

Is your reCaptcha currently switched off? If not, I cannot find the code in your page.

Also, it seems you have moved some items around - and that's not a bad thing. But I see that the div block that contains your logo is:

<div class="row id="banner">
<div class="small-12 large-12 columns">
<img src="/skins/petite-foundation/images/top-banner-6.jpg" alt="Petite Showers"></div>
</div>

Note that the class attribute in the first line needs a closing quote.

Link to comment
Share on other sites

On 2/1/2019 at 5:02 PM, havenswift-hosting said:

Why would you think about running an e-commerce site that is not covered with a SSL ??

I always recommend that e-commerce sites run under SSL but there are some clients who don't wish to pay for a security certificate, preferring to let the payment gateway deal with secure transactions.

Link to comment
Share on other sites

 

3 hours ago, Frank Auffret said:

preferring to let the payment gateway deal with secure transactions.

The requirement to have an SSL certificate is very little to do with the payment gateways - although many now require a secure endpoint in order for payment notification updates to function !

How about protecting admin login and all other pages, customer login and account pages and the significant drop in Google rankings for not having an SSL, let alone the very important issue of customer perception of visiting a site that Chrome clearly labels as "Not Secure" - you will lose far more sales on a store than any costs involved and if a few pounds / dollars a year is really that important, have you not heard of LetsEncrypt ?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...