Recapcha appears everywhere

Question

Recapcha appears everywhere

Closed this issue 4 years ago · 9 comments

Finally I managed to make it working (I hope so) on Auth.
But now the recaptcha's block appears everywhere even on a routes where it is not registered. Is it because of the auto-mode?

My routes look like:

Route::group(['middleware' => 'recaptcha'], function() {
    Auth::routes();
 });

Route::get('setlocale/{locale}', 'LangController@setLang');


Route::group(['middleware' => 'auth'], function() {
    // account
    Route::resource('accounts', 'AccountController');
....
}

Why does it appear on every route?

On a separate note. I put the following in the login form as it is suggested in documentation:
<input id="is_robot" type="checkbox" name="is_robot" checked>
and it does not influence anything..

Answer 1 · 2019-12-06T12:07:35.000Z

Captchavel works with two middlewares: one to inject a convenience script on responses, and other to catch the challenge and validate it when it receives a POST Request. The latter must be added manually to the route or group.

Do you mean that the script appears everywhere? If you see the script from google loaded, but not the challenge, it's okay, it's designed to be that way so it can gather much more data (as google says).

If I remember correctly, the auto mode will put a script that will detect a form in each view and inject the challenge to it (via javascript). Manual will disable this, so you will have to manually put the convenience script yourself.

About the is_robot thing, It checks it on the query string. I don't know why I did that. I will change it to check if it exists on the query or as part of the input.

Answer 2 · 2020-04-08T16:43:39.000Z

maby check for data-recaptcha before injecting the script?

    /**
     * Injects the front-end Scripts
     *
     * @param \Illuminate\Http\Response $response
     * @return \Illuminate\Http\Response
     */
    protected function injectScript(Response $response)
    {
        // check for data-recaptcha 
        if (! $endHeadPosition = stripos($content = $response->content(), 'data-recaptcha')) {
            return $response;
        };

        // To inject the script automatically, we will do it before the ending
        // head tag. If it's not found, the response may not be valid HTML,
        // so we will bail out returning the original untouched content.
        if (! $endHeadPosition = stripos($content = $response->content(), '</head>')) {
            return $response;
        };

        $script = $this->view->make('captchavel::script', ['key' => $this->key])->render();

        return $response->setContent(
            substr_replace($content, $script, $endHeadPosition, 0)
        );
    }

Answer 3 · 2020-04-08T17:47:57.000Z

maby check for data-recaptcha before injecting the script?

    /**
     * Injects the front-end Scripts
     *
     * @param \Illuminate\Http\Response $response
     * @return \Illuminate\Http\Response
     */
    protected function injectScript(Response $response)
    {
        // check for data-recaptcha 
        if (! $endHeadPosition = stripos($content = $response->content(), 'data-recaptcha')) {
            return $response;
        };

        // To inject the script automatically, we will do it before the ending
        // head tag. If it's not found, the response may not be valid HTML,
        // so we will bail out returning the original untouched content.
        if (! $endHeadPosition = stripos($content = $response->content(), '</head>')) {
            return $response;
        };

        $script = $this->view->make('captchavel::script', ['key' => $this->key])->render();

        return $response->setContent(
            substr_replace($content, $script, $endHeadPosition, 0)
        );
    }

There is no need since the script itself checks if there are forms worth of adding the reCAPTCHA token. Otherwise, your solution means traversing the whole response two times.

Answer 4 · 2020-04-08T17:50:31.000Z

Why did i close this? I'm fixing it right now.

Answer 5 · 2020-04-09T14:11:25.000Z

Fixed the robot thing in 2.1.1. The recaptcha script appearing everywhere it's intended.

Answer 6 · 2020-04-10T10:45:38.000Z

It uses a lot of space for small devices. Is it required to be on every pages other that where it is used?

Answer 7 · 2020-04-10T15:13:37.000Z

It uses a lot of space for small devices.

Can you explain? I don't think is a performance hog in any case, unless an expert comes and says so.

In any case, if you consider this works worse for your application, you can go full manual and inject it manually.

Answer 8 · 2020-04-14T11:03:53.000Z

I think what the OP is getting at is the fact that the recaptcha logo appears on all pages across the site once installed (certainly for me). I only need it on the contact from page yet it appears on all pages even those in the admin area (using Nova - see image).

I would have though that most users would only want the Captcha JS (and logo) loading on the intended page.

Answer 9 · 2020-04-14T16:00:06.000Z

Oh, I get it. Should you use the manual mode then?

https://github.com/DarkGhostHunter/Captchavel/blob/master/README.md#manual