Jump to content
Frank Auffret

Google reCaptcha Problems

Recommended Posts

Hi
I'm using standard foundation skin from 6.2.2
Signed up at Google for invisible and added keys 
Can't see anything on form page and form submissions don't arrive.
Apart from the keys do I need to add any code from the Google site?

Share this post


Link to post
Share on other sites

We are assuming you are also using CubeCart 6.2.2 with that version of the Foundation skin.

For CC622, everything is coded properly.

I did read somewhere that keys for Invisible only work on Invisible implementation, but keys obtained for V2 work for both V2 and Invisible.

Do forms get POSTed? Using your browser's Developer Tools, you will see on the Network tab the POST event*. Highlighting the POST event, the panel should then show what was POSTed.

* It seems that in Firefox, POST events do not get placed in the Network event list unless there is a response. So, if the POST is actually not happening, the Console Log may show why.

Share this post


Link to post
Share on other sites
9 hours ago, bsmither said:

I did read somewhere that keys for Invisible only work on Invisible implementation, but keys obtained for V2 work for both V2 and Invisible.

It is the other way around.  Invisible keys work for Invisible and "I am not a Robot" (formally called V2) but not the other way around.  So always better to get and use Invisible keys regardless of which method people want to use.

Share this post


Link to post
Share on other sites

Did a test nothing arrived from the contact form submission

Here's a snippet of the response code

index.php?_a=contact
Request URL: http://www.petiteshowers.co.uk/index.php?_a=contact
Request Method: POST
Status Code: 302 Moved Temporarily
Remote Address: XXXXXXXXXXXXX
Referrer Policy: no-referrer-when-downgrade
HTTP/1.1 302 Moved Temporarily
Date: Thu, 31 Jan 2019 16:02:57 GMT
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.5.38-1~dotdeb+7.1
X-Frame-Options: SAMEORIGIN

I also tried to test the store but with Invisible turned on  the Checkout button didn't work either.

Does the store need to be using SSL (https://) for validation to work?

Successful test with invisible off

Edited by Frank Auffret
Successful test when reCaptcha off

Share this post


Link to post
Share on other sites

That looks like the correct headers for a POST response, but I do not see the Location header telling the browser where to go for the 302 bounce.

Also, we might want to find the POST/request payload. You might find that on a Params tab in the details pane.

Look at CubeCart's System Error Log (admin, Error Log, System Error Log tab). See if there are any messages of interest.

Share this post


Link to post
Share on other sites

Hmm looks like Google reCaptcha only works under https://
from the Google documentation:
"The script must be loaded using the HTTPS protocol and can be included from any point on the page without restriction."
This, in effect, means Cubecart doesn't offer contact form validation unless SSL is enabled. 

Share this post


Link to post
Share on other sites

In the template content.recaptcha.head.php, we see that the script is hard-coded to use https.

Share this post


Link to post
Share on other sites
7 hours ago, Frank Auffret said:

This, in effect, means Cubecart doesn't offer contact form validation unless SSL is enabled. 

Why would you think about running an e-commerce site that is not covered with a SSL ??

Share this post


Link to post
Share on other sites

Is your reCaptcha currently switched off? If not, I cannot find the code in your page.

Also, it seems you have moved some items around - and that's not a bad thing. But I see that the div block that contains your logo is:

<div class="row id="banner">
<div class="small-12 large-12 columns">
<img src="/skins/petite-foundation/images/top-banner-6.jpg" alt="Petite Showers"></div>
</div>

Note that the class attribute in the first line needs a closing quote.

Share this post


Link to post
Share on other sites
On 2/1/2019 at 5:02 PM, havenswift-hosting said:

Why would you think about running an e-commerce site that is not covered with a SSL ??

I always recommend that e-commerce sites run under SSL but there are some clients who don't wish to pay for a security certificate, preferring to let the payment gateway deal with secure transactions.

Share this post


Link to post
Share on other sites

 

3 hours ago, Frank Auffret said:

preferring to let the payment gateway deal with secure transactions.

The requirement to have an SSL certificate is very little to do with the payment gateways - although many now require a secure endpoint in order for payment notification updates to function !

How about protecting admin login and all other pages, customer login and account pages and the significant drop in Google rankings for not having an SSL, let alone the very important issue of customer perception of visiting a site that Chrome clearly labels as "Not Secure" - you will lose far more sales on a store than any costs involved and if a few pounds / dollars a year is really that important, have you not heard of LetsEncrypt ?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...