Received: by 10.224.129.204 with SMTP id p12mr480079qas.18.1302691407173;
        Wed, 13 Apr 2011 03:43:27 -0700 (PDT)
X-BeenThere: recaptcha@googlegroups.com
Received: by 10.224.179.137 with SMTP id bq9ls1155596qab.6.p; Wed, 13 Apr 2011
 03:43:24 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.224.205.130 with SMTP id fq2mr442611qab.18.1302691403991; Wed,
 13 Apr 2011 03:43:23 -0700 (PDT)
Received: by w36g2000vbi.googlegroups.com with HTTP; Wed, 13 Apr 2011 03:43:23
 -0700 (PDT)
Date: Wed, 13 Apr 2011 03:43:23 -0700 (PDT)
In-Reply-To: <d09a847c-2079-4442-9e0f-47a50d833f88@d26g2000prn.googlegroups.com>
X-IP: 193.64.35.2
References: <d09a847c-2079-4442-9e0f-47a50d833f88@d26g2000prn.googlegroups.com>
User-Agent: G2/1.0
X-HTTP-UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0)
 Gecko/20100101 Firefox/4.0,gzip(gfe)
Message-ID: <c3dd2742-947d-4624-8fef-fd7c63d4eec0@w36g2000vbi.googlegroups.com>
Subject: Re: IMPORTANT: changes to reCAPTCHA SSL API (api-secure.recaptcha.net)
 on April 11
From: mhalttu <markus.halttu...@sulake.com>
To: reCAPTCHA <recaptcha@googlegroups.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Colin,

Is there some way for us to get notified about important changes like
this without following this whole newsgroup? Your blog hasn't been
updated in almost a year, and I couldn't find any email list to
subscribe to, either. Basically I'd like to get a heads up about any
changes that may break our system, without reading all the discussion
on the group on a daily or even weekly basis.

 - Markus

On Mar 8, 11:35=A0pm, reCAPTCHA Support <supp...@recaptcha.net> wrote:
> Hi reCAPTCHA users,
>
> In April, we will begin to turn down the legacy URL for reCAPTCHA's
> HTTPS API. =A0If your site uses reCAPTCHA over SSL, you will need to
> make a minor code change before April 11.
>
> If your site does not load the reCAPTCHA challenge API over SSL, you
> do not need to make any changes. =A0You can tell if you=92re using SSL by
> looking at the source of your page(s) which contain reCAPTCHA and
> seeing whether you use "https://api-secure.recaptcha.net" anywhere.
>
> The transition involves a very simple change to your code. =A0Any time
> between now and April 11, you need to replace all instances of:https://ap=
i-secure.recaptcha.net/XXX
> with:https://www.google.com/recaptcha/api/XXX
>
> If you don=92t make the change before April 11, your users might see SSL
> certificate warnings when visiting your site. =A0(However, the CAPTCHA
> should still load normally, unless the user has restrictive security
> settings.)
>
> Most commonly, this shows up as a call to the reCAPTCHA challenge API
> on the page that contains reCAPTCHA, such as:
>
> <script src=3D"https://api-secure.recaptcha.net/challenge?k=3DXXXYYYZZZ">=
</
> script>
>
> This call needs to change to something like this:
>
> <script src=3D"https://www.google.com/recaptcha/api/challenge?
> k=3DXXXYYYZZZ"></script>
>
> ... everything after the /challenge can remain exactly as it was.
>
> Another thing to look for is if you're including the reCAPTCHA
> JavaScript over HTTPS. =A0Code that looks like:
>
> <script src=3D"https://api-secure.recaptcha.net/js/recaptcha.js"></
> script>
> or
> <script src=3D"https://api-secure.recaptcha.net/js/recaptcha_ajax.js"></
> script>
>
> Would need to change to:
> <script src=3D"https://www.google.com/recaptcha/api/js/recaptcha.js"></
> script>
> or
> <script src=3D"https://www.google.com/recaptcha/api/js/
> recaptcha_ajax.js"></script>
>
> We're sorry for the inconvenience; please let us know if you have any
> questions or concerns about making this change. =A0We will be contacting
> SSL-using site owners individually to let them know about this change;
> however we wanted to post in the public forum as well, since we may
> not have up-to-date contact information for all sites.
>
> Best,