Google reCaptcha:无法及时验证 [英] Google reCaptcha: Unable to validate in time

问题描述

REQ_PARAM_NAME::validated-captcha
REQ_PARAM_VALUE::Pair(false,无法及时验证.假设有响应正确的.101781)

REQ_PARAM_NAME::validated-captcha
REQ_PARAM_VALUE::Pair(false,Unable to validate in time. Response is assumed correct. 101781)

为什么我会从谷歌收到这条消息?

Why do I get this message from google?

提交表单前勾选了 v2 reCaptcha 复选框，但服务器验证返回上述结果并被拒绝(Salesforce 表单拒绝).

The v2 reCaptcha checkbox is checked before submitting the form, but the server validation returns the above result and is rejected (Salesforce form rejects it).

** 编辑 **

该网站是一个 wordpress 网站.这是我需要在标题中添加的代码:

The website is a wordpress site. Here is the code I needed to add in the header:

<script src="https://www.google.com/recaptcha/api.js"></script> 
<script> function timestamp() {   var response = document.getElementById("g-recaptcha-response"); if (response == null || response.value.trim() == "") {var elems = JSON.parse(document.getElementsByName("captcha_settings")[0].value);elems["ts"] = JSON.stringify(new Date().getTime());document.getElementsByName("captcha_settings")[0].value = JSON.stringify(elems); } } setInterval(timestamp, 500); 
</script>

该表单没有什么特别之处，但已提交给 Salesforce，因此我自己不验证验证码:

The form has nothing special, but is submitted to Salesforce, so I do not validate the captcha myself:

<form action="https://webto.salesforce.com/servlet/servlet..." method=POST">
<input  id="email" maxlength="80" name="email" size="20" type="text" />
<input type=hidden name='captcha_settings' value='{"keyname":"LOGIS_CO","fallback":"true","orgId":"00YXZ000000XYZ","ts":""}'>
<!-- some other fields -->
<div class="g-recaptcha" data-sitekey="xyz..."></div>
<br><input type="submit" name="submit">

结果消息...无法及时验证.假设响应正确.101781)"是 Salesforce 支持提供给我的.所以 Salesforce 表单确实收到了发布的表单，并且他们验证了验证码结果.

The resulting message "...Unable to validate in time. Response is assumed correct. 101781)" was given to me by Salesforce support. So Salesforce form does receive the the posted form and they validate the captcha result.

最后，Salesforce 验证生成的发布表单，他们得到 validated-captcha = false，无法及时验证.假设响应正确.101781. 他们拒绝了这个帖子.因此 Salesforce 支持要求我自己检查此验证码错误消息...

In the end, Salesforce validates the resulting posted form, and they get that validated-captcha = false, Unable to validate in time. Response is assumed correct. 101781. and they reject the post. So Salesforce support asked me to check for this captcha error message myself...

推荐答案

tl;dr 当访问者的系统时钟滞后时，表单无法通过SF验证，可能被认为是延迟提交，因此错误无法及时验证 发生.

tl;dr When a visitor's system clock is lagging behind, the form cannot validated by SF, possibly considered as a delayed submission, so the error Unable to validate in time happens.

当我填写 &提交表单，虽然我没有设置 SF，但我可以使用浏览器的开发人员工具检查发送到 SF 服务器的内容.

When I fill & submit the form, although I dont' have a SF setup, I can inspect what's being sent to SF server by using my browser's developer tools.

除了通常的字段之外，在字段captcha_settings中还有一个额外的信息被发送到名为ts的SF服务器，这是一个使用客户端系统用JavaScript计算的时间戳日期.

Apart from the usual fields, there was an additional information being sent to SF servers named ts inside the field captcha_settings which is a timestamp calculated with JavaScript by using client's system date.

不难猜到它被用于验证.

It was not difficult to guess that it is being used for validation.

所以我决定创建一个 SF 帐户，幸运的是有 30 天的试用选项.创建帐户后，我创建了一个带有自动响应模板的网络案例表单，上面写着 在 Salesforce 中成功创建案例.

So I decided to create a SF account, luckily there was a 30-day trial option. After creating the account I created a web-to-case form with an auto response template simply says Case Successfully Created in Salesforce.

为我的测试域获取了一个 reCAPTCHA v2 令牌并将表单的 HTML 标记放在那里并开始测试.

Acquired a reCAPTCHA v2 token for my test domain and put the form's HTML markup there and started to test.

我提交了 9-10 次表单，没有任何问题.已创建所有案例，我收到了每个案例的电子邮件.

I submitted the form 9-10 times with no problem. All cases created and I received an email for each one.

然后我将系统时钟调回两小时，提交了 2-3 次表格.表单和之前一样成功发送，但这次什么也没发生.我没有收到任何电子邮件.

Then I set the system clock back two hours, submitted the form 2-3 times. The form was sent successfully as before, but this time nothing happened. I did not receive any email.

然后我将系统时钟调整回正确的时间，一切又开始正常工作.

Then I adjusted system clock back to the correct time, and everything started working again as it should.

您可以通过将计算机的系统时钟提前几个小时来重现该问题.

You can reproduce the issue by setting your computer's system clock a couple of hours back.

总而言之，这是SF必须解决的问题.依赖客户端的系统时间，这不是验证过程的可靠来源，绝对是一个糟糕的选择.您可能需要将此问题告知他们.

In summary, this is an issue that SF must fix. Relying on the client's system time, which is not a reliable source for a validation process, is definitely a bad choice. You may want to inform them about this problem.

在 SF 做某事之前，作为一种变通方法，我认为依赖 3rd 方时间戳服务是可以的.

Until SF does something, as a workaround, it would be OK to rely on a 3rd party timestamp service I think.

如果您考虑到这一点，您可以使用以下内容替换标头中的脚本标记.

If you consider that, you can replace script tags in the header with the following.

<script src="https://www.google.com/recaptcha/api.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script> 
<script>
    var currentTimestamp;

    $.getJSON( "http://icanhazepoch.com/", function( data ) {
        currentTimestamp = data * 1000;

        setInterval(timestamp, 500);
    });

    function timestamp() {
        currentTimestamp += 500;

        var response = document.getElementById("g-recaptcha-response");
        if (response == null || response.value.trim() == "") {
            var elems = JSON.parse(document.getElementsByName("captcha_settings")[0].value);
            elems["ts"] = JSON.stringify(currentTimestamp);
            document.getElementsByName("captcha_settings")[0].value = JSON.stringify(elems);
        }
    }
</script>

这样，从服务获取的时间戳将被使用，而不是客户端的系统时钟，每 500 毫秒递增一次.

Whit this way, instead of client's system clock, the timestamp obtained from the service will be used by incrementing every 500ms.

希望能帮到你.

这篇关于Google reCaptcha:无法及时验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！