Currently on my site the invisible recaptcha is not working on my registration page, and upon submit, the recaptca is failing and I have INVISIBLE_RECAPTCHA_DEBUG=true but don't see any logs inside of laravel.log or console errors. Where does this debug show up?

<div id="_g-recaptcha"></div>
<div class="g-recaptcha" data-sitekey="x" data-bind="send-btn" data-callback="_submitForm"></div><script src="https://www.google.com/recaptcha/api.js" async defer></script>

<script>var _submitForm,_captchaForm,_captchaSubmit;</script>
<script>
window.onload=function(){_captchaForm=document.querySelector("#_g-recaptcha").closest("form");
_captchaSubmit=_captchaForm.querySelector('[type=submit]');
_submitForm=function(){if(typeof _submitEvent==="function"){_submitEvent();grecaptcha.reset();}else{_captchaForm.submit();
}}}
</script>

this is the HTML generated by  {!! app('captcha')->render() !!}

the g-recaptcha-response in $_REQUEST comes back empty as well.

Uncaught TypeError: $(...).tooltip is not a function at HTMLDocument. (skyweb.frame.js:32) at j (jquery.min.js:2) at Object.fireWith [as resolveWith] (jquery.min.js:2) at Function.ready (jquery.min.js:2) at HTMLDocument.J (jquery.min.js:2)

When the multiform invisible recaptcha is used, I get this error :/

This is an automated pull request from Shift to update your package code and dependencies to be compatible with Laravel 8.x.

Before merging, you need to:

• Checkout the l8-compatibility branch
• Review all comments for additional changes
• Thoroughly test your package

If you do find an issue, please report it by commenting on this PR to help improve future automation.

This request just splits out the render method into completely optional separate methods and directives which can be used to pull the script tags out of the main <form> - allowing you to use this with VueJS and any other HTML template based Javascript framework that might restrict script tags in the template.

Console error:

Uncaught Error: Missing required parameters: sitekey at new es (recaptcha__en.js:402) at new ys (recaptcha__en.js:408) at Ks (recaptcha__en.js:416) at recaptcha__en.js:416 at Array.forEach () at Ls (recaptcha__en.js:416) at vs (recaptcha__en.js:421) at ws (recaptcha__en.js:408) at recaptcha__en.js:423 at recaptcha__en.js:431

My INVISIBLE_RECAPTCHA_SITEKEY and INVISIBLE_RECAPTCHA_SECRETKEY env variables are set.

Hello, thank you for your cool package.

I have issue with multiple re captchas on single page. I have 3 forms, login, registration and reset password.

2 of them hidde, when you click button, appears form we need. I do not want to do this with ajax or async loading forms. Because user can loop it and do bad stuff to server, loading forms. So i think this is bad practice to do like that.

When i use @captcha($lang = null) on all my 3 forms, it show 2 error for other 2 form. So only 1 re-captcha works, other to not.

ERROR Uncaught Error: ReCAPTCHA placeholder element must be empty at nr (recaptcha__ru.js:473) at recaptcha__ru.js:478 at c (recaptcha__ru.js:468)

How to fix it? Or i should try visible captcha? Will it work?

Hello, I have multiple forms in the same page that uses invisible reCaptcha the issue with this library is that when rendering the captcha using

{!! app('captcha')->render(); !!}

It creates a _g-recaptcha id

 <div id="_g-recaptcha"></div>

  and also loads https://www.google.com/recaptcha/api.js script

if you could simple change _g-recaptcha to use a class and load the script once with some other way like app('captcha')->init(). Multi form support should work perfectly.

For the time being i will try to do it manually in the frontend without using app('captcha')->render() method, but i hope that you will support this in the future.

Hi, I've seen your multi-form branch, but I'd like to know how to use it correctly. I have 1 form that always appears in the footer of the website (newsletter), and sometimes the contact form appears on other pages.

In that case, how do I call the recaptcha? Can I use "@captcha()" in each form, or should I encode JS for face form?

Hello There,

I was trying to hide the badge on the bottom right but it didnt work like i wanted it to. Here is my .env file.

And this is what i see in my frontend.

In blade im using this.

The HTML you output is correct look at this.

Im not 100% sure how but when i inspect the badge winch has class .grecaptcha-badge indeed. The style from the class is never applied to it. I don't understand why because the i have no other classes named .grecaptcha-badge and i don't ajax load any html or css code for styles and the captcha is loaded with the page by default.

Just thinking might it be a race condition where the class in css is defined but the object is rendered via javascript later. It should not be i know because the css is defined before the badge is rendered but it still comes to mind ..

OR !! When the javascript renders it importants and other css rule show the badge and that will over write your display: none rule. That must be it i think .. You can fix that with javascript and maybe add a section to your views and tell the users to yield the javascript code in the footer. Im going to test this now ..

Okey i got most working now with css but it still has a border like this

iframe[src^="https://www.google.com/recaptcha/api2/anchor"] {
  visibility: hidden;
}

This hides the badge BUT does not hide its border .. we need to investigate more.

I just figured it out to hide both the iframe internals and the border you need this javascript code. After the document loaded (so the iframe == the loaded as well)..

We need to do the below code because google adds inline style properties to the .grecaptcha-badge element. We could do without it if a stylesheet would be loaded after the DOM is ready but right now we cant so we need some javascript (so sad).

document.addEventListener('DOMContentLoaded', function () {
  let box = document.querySelector('.grecaptcha-badge');
  box.style.boxShadow = 'none'
});

This will hide the google Recaptcha box 100%. It might be as well that you also set a display as none (or visibilty:hidden) as that value on document ready. i Think the code evaluated singe you wrote it.. So its one ore the other both do it via javascript or half on half ..

Thanks for listening .. sleep well have a good day ..

Johnny Mast...

Hi, it seems the INVISIBLE_RECAPTCHA_BADGEHIDE env is doing nothing.

my .env:

INVISIBLE_RECAPTCHA_SITEKEY=my_key
INVISIBLE_RECAPTCHA_SECRETKEY=my_key
INVISIBLE_RECAPTCHA_BADGEHIDE=true
INVISIBLE_RECAPTCHA_DEBUG=false

my form:

`
/* ... */
{!! app('captcha')->render(LaravelLocalization::getCurrentLocale()) !!}
/* ... */
<button type="submit" class="btn btn-primary btn-rounded">
    submit
</button>

the result:

Could we add full support for multiple form Recaptcha on this?

In the docs, I've read it saying that most of the time if you need Recaptcha more than once on a single page, you're doing it wrong. That can't be further from the truth.

Explain then how you go around with a login page, that accepts email and password and is validated by Recaptcha, and at the same time, has a button on the side of that same page. And that button opens a feedback form, also validated by Recaptcha.

Right now, I do see some dev support for multiple Recaptcha on the page, but it looks like it can only be done through jquery.

Any advice would be appreciated.

I see the badge logo on bottom right corner but the validation always fails. Also got "g-recaptcha-response": null when debug the request using request()->all() I'm using the test key as stated here: https://developers.google.com/recaptcha/docs/faq#id-like-to-run-automated-tests-with-recaptcha.-what-should-i-do

Laravel v6.20.x albertcht/invisible-recaptcha v1.9.7

Hey, I'd like to request you to issue a CVE for this pull request.

Summary

As I'm doing security research during my bug bounty activities I stumbled upon an issue with a client that uses invisible-recaptcha

specifically speaking, the issue is within the "ac" parameter

As I discovered the vulnerability during my BlackBox approach, I decided to report it in this repo and to see the white box root cause of the matter.

The url of my proof of concept looked like the following:

invisibleRecaptcha?sitekey=XXXXXX&lang=XX&label=XXX&ac=</script><a%20href=javascript:alert(document.domain)>hi</a>

The payload I used was to escape the javascript context that the input was injected into and insert my own Cross Site Scripting code.

Hi, please take a look at the lazy load option.

captcha['options']['lazyLoad'] = env('INVISIBLE_RECAPTCHA_LAZYLOAD', false)

This feature delay loading recapcha for better google pagespeed rank.

Hi, i saw you added some optimizations for VueJS which works nicely, but i found a minor bug.

Follow these steps in Laravel app with VueJS

1. Implement recaptcha with your VueJS guidelines (polyfill part to head, html in form and script part placed outside of Vue wrapper element)
2. DISABLE recaptcha badge in config

Now just load page and you can see that Vue framework throw and error that you have style placed inside your Vue part. That is because @captchaHTML actually also include style with display:none on the badge.

You can easily fix this by placing style tag in the @captchaPolyfill and not @captchaHTML.

Many thanks for great package and have a nice day!