Test Key Set: Enterprise Account (Safe End User) # Test parameter The test keys provide no anti-bot protection, so please double-check that you use them only in your test environment! Test Key Set: Publisher Account # Test parameterĠx0000000000000000000000000000000000000000 The simplest way to circumvent these issues is to add a hosts entry. The hCaptcha API also prohibits localhost and 127.0.0.1 as supplied hostnames. Loading hCaptcha from will encounter the same issue on some browsers. Modern browsers have strict CORS and CORB rules, so opening a file://URI that loads hCaptcha will not work. If you are developing on your local machine there are a few things to keep in mind. The sitekey is not registered with the provided secret. You have used a testing sitekey but have not used its matching secret. The response parameter has already been checked, or has another issue. The response parameter (verification token) is invalid or malformed. The response parameter (verification token) is missing. These are the error codes that can be returned by the hCaptcha API: Error Code Additionally, in the event that your site experiences unusually high challenge traffic, the hostname field may be returned as "not-provided" rather than the usual value all other fields will return their normal values. Please also note that the hostname field is derived from the user's browser, and should not be used for authentication of any kind it is primarily useful as a statistical metric. Some example scenarios when it may appear: site visitor is using a very old browser, or has a poorer than normal history of accuracy. Please note that the credit field is not always included, and that absence of a False credit flag does not guarantee credit was earned. (See /enterprise for details on hCaptcha Enterprise features like bot scores, passive and nearly passive "No-CAPTCHA" modes, and more.) The must be loaded via HTTPS and can be placed anywhere on the page. First, you must include the hCaptcha javascript resource somewhere in your HTML page. HCaptcha requires two small pieces of client side code to render a captcha widget on an HTML page. unsafe-eval and unsafe-inline should include, Add the hCaptcha Widget to your Webpage #.If you are an enterprise customer and would like to enable additional verification to be performed, you can optionally choose the following CSP strategy: connect-src should include, Please do not hard-code specific subdomains, like, into your CSP: asset subdomains used may vary over time or by region.If you use CSP headers, please add the following to your configuration: Your Server->User: Session authorized, proceedĬontent Security Policy (CSP) headers are an added layer of security that help to mitigate certain types of attacks, including Cross Site Scripting (XSS), clickjacking, and data injection attacks. HCaptcha Siteverify->Your Server: Passcode is valid (success is true) Your Server->hCaptcha Siteverify: Is this passcode valid? Your Website or App->Your Server: Form or XHR with hCaptcha passcode HCaptcha Client API->Your Website or App: Passcode embedded in form or returned via JS/callback HCaptcha Client API->User: Returns challenge or passcode User->hCaptcha Client API: Please issue passcode Your Website or App->User: Load hCaptcha JS or SDK User->Your Website or App: Load Website or App Your server now knows the user is not a bot and lets them log in. hCaptcha says it is valid and credits your account. Your server then checks that passcode with the hCaptcha server API. When the user clicks Submit the passcode is sent to your server in the form. They get a passcode from our server that is embedded in your form. You embed the hCaptcha widget on your site. Custom data attributes like theme, size, and tab-index are also supported in the same way by hCaptcha. hCaptcha methods are API-compatible with reCAPTCHA methods, for example render() and onload(). If you're already using Google's reCAPTCHA, you can use your existing code with a few slight changes. To make integration even quicker, wrappers and plugins are available for many frameworks: Angular, Node, Express, ReactJS, VueJS, WordPress and more.Ī complete list of known hCaptcha integrations is also available. It requires either adding some simple HTML and server side code, or using one of the many tools that natively support hCaptcha. The hCaptcha widget can protect your applications from bots, spam, and other forms of automated abuse.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |