Google的新reCaptcha网站验证未返回任何响应 [英] Google's new reCaptcha site verification returns no responce
问题描述
在获得 g-recaptcha-后,我网站验证响应通过用户验证。
I do site verification after getting g-recaptcha-response thru user verification.
我发送带有参数的xhr POST并获得200 OK,但没有响应,因为应该是:
I send xhr POST with parameters and get 200 OK, yet NO response as it should be:
{
"success": true|false,
"error-codes": [...] // optional
}
代码
Code
<script type='text/javascript'>
var onReturnCallback = function(response) {
document.getElementById('resp').innerHTML = response; // works well
//alert('grecaptcha.getResponse() = ' + grecaptcha.getResponse()); // works well too
$.post("https://www.google.com/recaptcha/api/siteverify",
{ secret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
response: response,
remoteip : "<?php echo $ip;?>" // optional, does not influence an empty result
}).complete(function( data ) {
alert( "Data returned from POST: " + data.toString() );
console.dir(data);
});
};
</script>
Form.
<form method="post">
<div class="g-recaptcha" data-sitekey="6LdYKQkTAAAAAD9K6-kHspFUPUnftw1RxP5_awi0" data-callback="onReturnCallback" data-theme="light"> </div>
<input name="send" type="submit" />
</form>
我在控制台中打印的对象完全为空(除了 statusText = '错误'),请参见拍摄。
The object that I print in console is totally empty (except for statusText='error'), see the shot.
控制台中还有其他错误:
There is other error in console:
XMLHttpRequest无法加载 https://www.google.com/recaptcha/api/siteverify 。所请求的资源上没有 Access-Control-Allow-Origin标头。因此,不允许访问来源' http://tarex.ru 。
XMLHttpRequest cannot load https://www.google.com/recaptcha/api/siteverify. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://tarex.ru' is therefore not allowed access.
如何处理?我可以更改来源标头吗?如何验证?
How to deal with it? Can i change the origin header? How to verify?
链接到演示。
推荐答案
由于其他原因,无法将XHR( AJAX请求)托管到服务网站的主机之外的其他主机
It is not possible to make XHRs ("AJAX requests") to hosts other than the one serving a website due to the so-called "same origin policy" (SOP) to prevent XSS attacks.
但是,您可以从php代理发布到reCaptcha站点,但是您可以在您自己的主机。在此答案中给出了一个示例。。
However you can post to the reCaptcha site from a php proxy, that you run on your own host. An example for this is given in this answer. This also prevents your secret from being public to people looking at your client-side source code.
另一种可能性(取决于您要使用的服务)是 JSONP 。由于禁止XHR,但不允许从外部主机加载脚本,因此可以通过查询参数将回调函数的名称添加到脚本URL。然后,一旦加载外部资源,就会调用此函数。但是据我所知reCaptcha不支持JSONP。
Another possibility (depending on the service you want to use) is JSONP. As XHRs are prohibited, but loading scripts from foreign hosts is not, it is possible to add the name of a callback function via query parameters to the script URL. This function is then invoked as soon as the foreign resource is loaded. But as far as I know reCaptcha does not support JSONP.
这篇关于Google的新reCaptcha网站验证未返回任何响应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
