> Hi reCAPTCHA users,

> In April, we will begin to turn down the legacy URL for reCAPTCHA's
> HTTPS API.  If your site uses reCAPTCHA over SSL, you will need to
> make a minor code change before April 11.

> If your site does not load the reCAPTCHA challenge API over SSL, you
> do not need to make any changes.  You can tell if you’re using SSL by
> looking at the source of your page(s) which contain reCAPTCHA and
> seeing whether you use "https://api-secure.recaptcha.net" anywhere.

> The transition involves a very simple change to your code.  Any time
> between now and April 11, you need to replace all instances of:https://api-secure.recaptcha.net/XXX
> with:https://www.google.com/recaptcha/api/XXX

> If you don’t make the change before April 11, your users might see SSL
> certificate warnings when visiting your site.  (However, the CAPTCHA
> should still load normally, unless the user has restrictive security
> settings.)

> Most commonly, this shows up as a call to the reCAPTCHA challenge API
> on the page that contains reCAPTCHA, such as:

> <script src="https://api-secure.recaptcha.net/challenge?
> k=XXXYYYZZZ"></
> script>

> This call needs to change to something like this:

> <script src="https://www.google.com/recaptcha/api/challenge?
> k=XXXYYYZZZ"></script>

> ... everything after the /challenge can remain exactly as it was.

> Another thing to look for is if you're including the reCAPTCHA
> JavaScript over HTTPS.  Code that looks like:

> <script src="https://api-secure.recaptcha.net/js/recaptcha.js"></
> script>
> or
> <script src="https://api-secure.recaptcha.net/js/recaptcha_ajax.js"></
> script>

> Would need to change to:
> <script src="https://www.google.com/recaptcha/api/js/recaptcha.js"></
> script>
> or
> <script src="https://www.google.com/recaptcha/api/js/
> recaptcha_ajax.js"></script>

> We're sorry for the inconvenience; please let us know if you have any
> questions or concerns about making this change.  We will be contacting
> SSL-using site owners individually to let them know about this change;
> however we wanted to post in the public forum as well, since we may
> not have up-to-date contact information for all sites.

> Best,
> Colin & the rest of the reCAPTCHA team

<supp...@recaptcha.net> wrote:
> Reminder: we will be making this change later this week -- most likely
> tomorrow.  If your site still uses SSL over the legacy servers (api-
> secure.recaptcha.net), your users will soon start to see SSL warnings
> in their browsers.

> Best,
> Colin

> On Mar 8, 4:44 pm, reCAPTCHA Support <supp...@recaptcha.net> wrote:
>> Hi reCAPTCHA users,

>> In April, we will begin to turn down the legacy URL for reCAPTCHA's
>> HTTPS API.  If your site uses reCAPTCHA over SSL, you will need to
>> make a minor code change before April 11.

>> If your site does not load the reCAPTCHA challenge API over SSL, you
>> do not need to make any changes.  You can tell if you’re using SSL by
>> looking at the source of your page(s) which contain reCAPTCHA and
>> seeing whether you use "https://api-secure.recaptcha.net" anywhere.

>> The transition involves a very simple change to your code.  Any time
>> between now and April 11, you need to replace all instances of:https://api-secure.recaptcha.net/XXX
>> with:https://www.google.com/recaptcha/api/XXX

>> If you don’t make the change before April 11, your users might see SSL
>> certificate warnings when visiting your site.  (However, the CAPTCHA
>> should still load normally, unless the user has restrictive security
>> settings.)

>> Most commonly, this shows up as a call to the reCAPTCHA challenge API
>> on the page that contains reCAPTCHA, such as:

>> <script src="https://api-secure.recaptcha.net/challenge?
>> k=XXXYYYZZZ"></
>> script>

>> This call needs to change to something like this:

>> <script src="https://www.google.com/recaptcha/api/challenge?
>> k=XXXYYYZZZ"></script>

>> ... everything after the /challenge can remain exactly as it was.

>> Another thing to look for is if you're including the reCAPTCHA
>> JavaScript over HTTPS.  Code that looks like:

>> <script src="https://api-secure.recaptcha.net/js/recaptcha.js"></
>> script>
>> or
>> <script src="https://api-secure.recaptcha.net/js/recaptcha_ajax.js"></
>> script>

>> Would need to change to:
>> <script src="https://www.google.com/recaptcha/api/js/recaptcha.js"></
>> script>
>> or
>> <script src="https://www.google.com/recaptcha/api/js/
>> recaptcha_ajax.js"></script>

>> We're sorry for the inconvenience; please let us know if you have any
>> questions or concerns about making this change.  We will be contacting
>> SSL-using site owners individually to let them know about this change;
>> however we wanted to post in the public forum as well, since we may
>> not have up-to-date contact information for all sites.

>> Best,
>> Colin & the rest of the reCAPTCHA team

> --
> You received this message because you are subscribed to the Google Groups "reCAPTCHA Announcements" group.
> To post to this group, send email to recaptcha-announce@googlegroups.com.
> To unsubscribe from this group, send email to recaptcha-announce+unsubscribe@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/recaptcha-announce?hl=en.