Re: BROWSER_ERROR Recaptcha v2 & v3

Alejandrav · 11-12-2024 03:31 AM

Hello, I am having a problem with reCAPTCHA v2 and v3. It seems that on all the websites where we have it installed, it has stopped working. I have tried all possible methods from reCAPTCHA tutorials, and I switched to version 2 to see if that would fix it.
The error that is returned is browser_error, and it seems to always be the same. This error causes the form to be blocked, and it is not possible to submit it. Or, if I change the way the captcha is implemented and it allows submission, the token is invalid and it's not possible to complete the process.
Why am I almost always getting an invalid token?
Sometimes it works in Chrome, but in other browsers, it doesn't.

vaskenh

I've included some relevant documentation from our side below. This error typically comes up when there is a network timeout or other lack of network connectivity. I've also included a reference below where multiple users found a solution to this by whitelisting the relevant domain in the Recaptcha console in GCP.

https://cloud.google.com/recaptcha/docs/faq#returned_browser_error_when_creating_an_assessment_what_...

https://stackoverflow.com/questions/67104640/recaptcha-browser-error

Alejandrav

Thank you for your quick response!

I followed your instructions, and whenever an error occurred, I would re-run the captcha. Here’s the JS code I applied for that:

$('#CaptchaButton').on('click', function(e) {

e.preventDefault();

let attempts = 0;

function executeCaptcha(){

console.log('Executing reCAPTCHA');

grecaptcha.execute('6LeNsYIqAAAAAHysXpHabpQzSy4lZE-l3Ue2pFbl', {action: 'submit'}).then(function(token) {

ep.ajax({

data: {

ChangeAction: 'ValidateCaptchaResponseAndSubmit',

token: token

},

cache: false,

type: "post",

async: true,

dataType: "json"

})

.success(function( jsonData ){

console.log(JSON.stringify(jsonData));

if (jsonData['success']) {

console.log('SUBMITTING FORM ');

ep("#SFCustomForm").submit();

}

else {

if (attempts < 2) {

console.log('Retrying...');

attempts++;

executeCaptcha();

}else{

console.log('Failed attempts, please try again later');

}

})

.error(function( data, errorMsg, msgAd) {

alert("data: " + data + "errorMsg: " + errorMsg + "msgAd: " + msgAd);

});

}

executeCaptcha();

});

</script>

Despite this change, this is what I am still getting:

And I have included it in the reCAPTCHA keys:

Can you please help me? There’s a lot of spam coming through.
Thank you!

cotist

followed the document you provided and added the logic to allowlisted domains and retried the request, but the issue still isn't resolved on my end either.
Is there no way to fix this?

rossta0825

Sadly, I have had this problem, too, probably for 5 months and it has evidently been blocking our mail form for that entire time -who knows how many attempted messages we lost!. I've just spent 3 days working on this - I'm not a "real programmer" so was mostly just following the instructions I found posted. Finally "rolled my own" solution based upon many debug statements.

The problem I found was the rc-verify operation stopped working. This is where the response received is sent to google's server API for validation. So, I used HTTP::Tiny to do a form POST to the API and get the response, but this response was not a HASH - it was a JSON data structure, so then I used JSON::Parse to convert this to a HASH and set a variable to point to that (reference).

These 2 steps then replaced the rc-verify operation. I did this in PERL with those lines looking like this:

use HTTP::Tiny;         # added this to do the post_form
use JSON::Parse 'parse_json';  # added to parse the API response
my $ua = HTTP::Tiny->new;
my $url = 'https://www.google.com/recaptcha/api/siteverify';
my $form = [ secret => $secret, remoteip => $ENV{'REMOTE_ADDR'}, response => $response ]; 
my $json_result = $ua->post_form($url, $form)->{content};
my $result = parse_json($json_result);
unless ( $result->{success} ) {
   $form_errs .= "captcha ";
}

I'm sure if Captcha::reCAPTCHA::V2 is repaired so that it returns the response to
my $result = $rc->verify($secret, $response,$ENV{'REMOTE_ADDR'} );
then it would probably have taken care of it being in a HASH already and things wouldn't have failed. I am really disappointed in google for this failure, in the first place, and for it going unnoticed for 5 months with no response to these folks who have asked for help. I'm sure a real programmer would have solved this in a few minutes and saved us a lot of damage and lost time.