reCAPTCHA - error-codes: 'missing-input-response', 'missing-input-secret' when verifying user's response (missing details on POST)

Problem description

I am setting an invisible reCAPTCHA in my web application and having trouble verifying the user's response. (even though I am passing the correct POST parameters)

I am programmatically invoking the challenge by calling grecaptcha.execute(); on the client-side. And submitting the form afterwards (registrationForm.submit();) using the recaptcha callback:

<div class="g-recaptcha"
  data-sitekey="SITE_KEY"
  data-callback="onSubmit"
  data-size="invisible">
</div>

Now, reading the "Verifying the user's response" documentation, I found that the response token is passed as a POST parameter to g-recaptcha-response:

For web users, you can get the user’s response token in one of three ways:

  • g-recaptcha-response POST parameter when the user submits the form on your site
  • ...

So I am using Fetch to create a POST request on the server side to the verification endpoint with the required body data:

verify(req, res, next) {
  const VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

  return fetch(VERIFY_URL, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({
      secret:   process.env.RECAP_INVIS_SECRET_KEY,
      response: req.body['g-recaptcha-response'],
    }),
  })
  .then(response => response.json())
  .then(data => {
    res.locals.recaptcha = data;
    return next();
  });
}

But I keep getting the following response:

{ success: false, error-codes: [ 'missing-input-response', 'missing-input-secret' ] }

Even though I am passing the response and secret as JSON data in the POST body.

Am I doing something wrong? Regards.

Recommended answer

Doing a bit of research and digging around the reCaptcha Google forums, it seems that this endpoint only accepts the default content type: application/x-www-form-urlencoded.

Which means you should not use JSON to send your response token and site key. Instead, send the values in the way application/x-www-form-urlencoded is defined:

Forms submitted with this content type must be encoded as follows:

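  1. Control names and values are escaped. Space characters are replaced by '+', and then reserved characters are escaped as described in [RFC1738], section 2.2: non-alphanumeric characters are replaced by '%HH', a percent sign and two hexadecimal digits representing the ASCII code of the character. Line breaks are represented as "CR LF" pairs (i.e., '%0D%0A').
  2. The control names/values are listed in the order they appear in the document. The name is separated from the value by '=' and name/value pairs are separated from each other by '&'.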

Therefore, you got two ways of doing this, either by passing the POST parameters through the URL (query strings) and sending it as a POST request:

https://www.google.com/recaptcha/api/siteverify?secret=${SECRET_KEY}&response=${req.body['g-recaptcha-response']}

or appending the data to the body manually like so:

verify(req, res, next) {
  const VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

  return fetch(VERIFY_URL, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: `secret=${SECRET_KEY}&response=${req.body['g-recaptcha-response']}`,
  })
  .then(response => response.json())
  .then(data => {
    res.locals.recaptcha = data;
    return next();
  });
}
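
The body-based fix from the answer, written as an added example that is not part of the original post: it lets URLSearchParams apply the encoding rules quoted above, keeps the secret in the request body rather than the URL, and goes slightly further by rejecting the request unless the reply says `success: true`. It assumes Express-style `req`/`res`/`next`, a global `fetch` (Node 18+) and the `RECAP_INVIS_SECRET_KEY` variable from the question; the helper names are illustrative.

```javascript
// Added example, not code from the original post; helper names are illustrative.
const VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

// URLSearchParams percent-encodes both values; the secret travels in the
// body, not the query string, so it stays out of URL logs.
function buildVerifyRequest(secret, token) {
  if (typeof secret !== "string" || secret === "") throw new Error("secret not configured");
  if (typeof token !== "string" || token === "") return null; // no token submitted
  return {
    url: VERIFY_URL,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({ secret, response: token }).toString(),
    },
  };
}

// Reduce the JSON reply to a decision: only success === true passes.
function evaluateVerdict(data) {
  const codes = data && data["error-codes"];
  return { ok: Boolean(data) && data.success === true, errors: Array.isArray(codes) ? codes : [] };
}

// fetchImpl is injectable so the flow can be exercised offline with a stub.
async function verifyToken(secret, token, fetchImpl = fetch) {
  try {
    const request = buildVerifyRequest(secret, token);
    if (request === null) return { ok: false, errors: ["missing-input-response"] };
    const reply = await fetchImpl(request.url, request.options);
    return evaluateVerdict(await reply.json());
  } catch (err) {
    // Network failure, bad JSON or missing secret: fail closed.
    return { ok: false, errors: ["verification-unavailable"] }; // local code, not Google's
  }
}

// Express-style middleware with the same shape as verify() in the question.
function verify(req, res, next) {
  const token = req.body && req.body["g-recaptcha-response"];
  return verifyToken(process.env.RECAP_INVIS_SECRET_KEY, token).then((result) => {
    if (!result.ok) return res.status(400).send("captcha verification failed");
    res.locals.recaptcha = result;
    return next();
  });
}
```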
