New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

reCaptcha v2 does not work if third party cookies are disabled and does not give feedback to the user #155

Closed
DanielaValero opened this Issue Apr 25, 2017 · 5 comments

Comments

Projects
None yet
6 participants
@DanielaValero

DanielaValero commented Apr 25, 2017

When the third party cookies are disabled in the browser, the selection of the user of the tiles, does not get stored, therefore the user is not able to solve the captcha.

It is true, that if the user disables explicitly the third party cookies, or enters the browser in a privacy mode, they would know that any feature that requires cookies will not work as expected.

However, is also true, that in order to provide a better user experience, we should give feedback to the user, when a feature is not working.

Would it be possible to add a note to the user about this?

The feature would theoretically be something like this:

From the reCaptcha to detect if the cookies are not enabled, and if so, render a string to tell the user that the reCaptcha is not going to work, and in order to have it working, the user should enable the third party cookies in the browser.

Steps to reproduce

  1. Disable the third party cookies in chrome or FF
  2. Clean the cookies
  3. Reload the browser
  4. Go to any of the next links, and try to solve the reCaptcha when it shows the tiles

https://www.google.com/recaptcha/api2/demo
http://vividcortex.github.io/angular-recaptcha/

@mastix

This comment has been minimized.

Show comment
Hide comment
@mastix

mastix Apr 25, 2017

We're facing the same issue. Our corporate browser has 3rd party cookies disabled by default, which means that we're having a hard time solving the reCaptcha riddles. :(

mastix commented Apr 25, 2017

We're facing the same issue. Our corporate browser has 3rd party cookies disabled by default, which means that we're having a hard time solving the reCaptcha riddles. :(

@Kasijjuf

This comment has been minimized.

Show comment
Hide comment
@Kasijjuf

Kasijjuf Jul 3, 2017

What is the domain of the third-party cookie reCaptcha uses?

Kasijjuf commented Jul 3, 2017

What is the domain of the third-party cookie reCaptcha uses?

@timreeves

This comment has been minimized.

Show comment
Hide comment
@timreeves

timreeves Mar 1, 2018

My own experience is, with Chromium and FF, both with 3rd party cookies turned off,
reCaptcha V2 can (nowadays) still be used, but it did try to set 2 cookies (blocked):

  • google.com / CONSENT
  • google.com / NID

And anyway it uses calls to 3rd party websites:

timreeves commented Mar 1, 2018

My own experience is, with Chromium and FF, both with 3rd party cookies turned off,
reCaptcha V2 can (nowadays) still be used, but it did try to set 2 cookies (blocked):

  • google.com / CONSENT
  • google.com / NID

And anyway it uses calls to 3rd party websites:

@theking2

This comment has been minimized.

Show comment
Hide comment
@theking2

theking2 May 20, 2018

Hi Tim,
With third party cookies disabled recaptcha does not really work. It keeps on asking new clicks for store fronts, roads, streetsigns and autobusses. After about 15 min of useless clicking Google servers seem to give up and assume that only a human being spends so much time aimless clicking.
What cookies should be enabled to have recaptcha working? (Sony is driving me crazy with this, why no implement a decent 2FA?)

theking2 commented May 20, 2018

Hi Tim,
With third party cookies disabled recaptcha does not really work. It keeps on asking new clicks for store fronts, roads, streetsigns and autobusses. After about 15 min of useless clicking Google servers seem to give up and assume that only a human being spends so much time aimless clicking.
What cookies should be enabled to have recaptcha working? (Sony is driving me crazy with this, why no implement a decent 2FA?)

@rowan-m

This comment has been minimized.

Show comment
Hide comment
@rowan-m

rowan-m Aug 1, 2018

Contributor

This isn't directly related to the PHP code which is what this repo focuses on. However, you might want to look at the v3 support in the most recent release. That uses a wholly invisible reCAPTCHA that just returns a confidence score for the request. This might alleviate some of your issues. Example hosted at https://recaptcha-demo.appspot.com/recaptcha-v3-request-scores.php

Contributor

rowan-m commented Aug 1, 2018

This isn't directly related to the PHP code which is what this repo focuses on. However, you might want to look at the v3 support in the most recent release. That uses a wholly invisible reCAPTCHA that just returns a confidence score for the request. This might alleviate some of your issues. Example hosted at https://recaptcha-demo.appspot.com/recaptcha-v3-request-scores.php

@rowan-m rowan-m closed this Aug 1, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment