如何在大量域上使用reCAPTCHA v2？ [英] How can I use reCAPTCHA v2 on a large number of domains?

问题描述

reCAPTCHA的先前版本提供了制作可以在任何域上使用的全局密钥的选项。现在，在版本2中，该选项已消失，reCAPTCHA网站声称 V2 API中不支持全局密钥。

The previous version of reCAPTCHA provided the option to make a global key which would work on any domain. Now, in version 2, that option is gone, and the reCAPTCHA site claims that "Global Keys are not supported in the V2 API."

我正在使用大量可以在没有我干预的情况下经常更改的域名，而且我不想不必将每个新域都添加到密钥中。

I'm working with a large number of domain names that can change frequently without my intervention, and I don't want to have to add each new domain to the key.

有没有办法让reCAPTCHA在任何域上工作而无需专门授权每个域？

Is there a way to get reCAPTCHA to work on any domain without specifically authorizing each one?

推荐答案

可以实现reCAPTCHA 2.0版而无需验证每个域： https://developers.google.com/recaptcha/docs/domain_validation

It is possible to implement reCAPTCHA Version 2.0 without verifying each domain: https://developers.google.com/recaptcha/docs/domain_validation

要这样做，请访问管理控制台，然后在您的reCAPTCHA网站下单击相关的API密钥。然后在高级设置下，取消选中验证reCAPTCHA解决方案的来源。

To do so, visit the admin console and click the API key in question under "Your reCAPTCHA Sites". Then under "Advanced Settings", uncheck "Verify the origin of reCAPTCHA solutions".

每个Google这样做都会产生安全风险，然后您需要亲自检查主机名。

Per Google, doing this creates a security risk that then requires you to check the hostname yourself.

自行关闭此保护这就带来了很大的安全风险-您的密钥可以被任何人使用，因为对其所在的站点没有任何限制。因此，在验证解决方案时，您需要检查主机名字段并拒绝来自意外来源的任何解决方案。

Turning off this protection by itself poses a large security risk - your key could be taken and used by anyone, as there are no restrictions as to the site it's on. For this reason, when verifying a solution, you are required to check the hostname field and reject any solutions that are coming from unexpected sources.

---

相关链接： ^{_{（来自 Stack Exchange Information Security ）}}

- 为什么要麻烦验证Google Recaptcha响应的主机名？

这篇关于如何在大量域上使用reCAPTCHA v2？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！