Server side validation fails for reCAPTCHA on dot local environments


Vincent Nguyen

Jul 7, 2016, 3:35:19 PM
to reCAPTCHA
We have internal servers for testing and I can't seem to get my reCAPTCHA to work when the domain is dev.mycompany.local.  Anyone else have trouble with this?  Of course it works when it's localhost.

Tobias R

Jul 7, 2016, 8:09:06 PM
to reCAPTCHA
The problem + info:

I got the same problem and solved it. 3 - 4 days ago recaptcha was working fine on a.b.c.local. Now Recaptcha is always returning 'success' : 'false' if you run it on a.b.c.local. I didn't test it on a.local but I assume it's the same result. It's only accepting localhost for local dev. Why, Google?

By the way, thanks for the tip with localhost. Changing the domain temporarily to localhost did the trick and at least showed me my keys and code are fine and working.

Please note that recaptcha is showing a "recaptcha is running on localhost" notice while you don't see this notice when running it on a.b.c.local.

This new "local dev only on 'localhost'" feature (bug?) is really annoying and I hope Google will change this back to *.local as the domain is official (see https://en.wikipedia.org/wiki/.local).


The solution:

Change your *.local domains to *.localhost in your web server's config as well as your system's hosts file - and it's working again even without the "recaptcha is running on localhost" notice popping up.

Vincent Nguyen

Jul 8, 2016, 10:02:57 AM
to reCAPTCHA
Thanks Tobias, your workaround worked.  Our *.local domains were also working a week ago and now fail validation.

Tobias R

Jul 8, 2016, 10:59:08 AM
to reCAPTCHA
Thanks to you too, Vincent, for confirming the issue and fix. I don't know why Google disallowed .local domains and I can't think of how you would want to exploit that but there might be ways.

Let me add that .local domains are banned as it even fails to verify if you
a) add your *.local domain as well as a specific sub-sub-domain like a.b.c.local,
b) turn off hostname verification completely.
Thus you can't use .local at all for recaptcha.

It would be nice if anyone could shed some light on this issue. Why are .local domains now disallowed for recaptcha testing? A changelog for recaptcha would be nice too.

srodr...@fol.cl

Jul 8, 2016, 11:31:02 AM
to reCAPTCHA
We are having the same problem with the recaptcha. I did turn off hostname verification with no success at all.

Tobias R

Jul 8, 2016, 1:07:31 PM
to reCAPTCHA
Change your .local domains to .localhost and you are all good again. Adding hostnames to the list or turning verification off does not apply to .local domains.

srodr...@fol.cl

Jul 8, 2016, 1:27:15 PM
to reCAPTCHA

But the problem there is that the recaptcha will be on localhost, not the live dev environment. So it will not be a true mirror of the production environment.

Tobias R

Jul 8, 2016, 2:19:52 PM
to reCAPTCHA
I assume you got a *.local domain which points to a web server that's not run on your machine, is that correct?

If so, you would have to change your local DNS entries from *.local to *.localhost, but I'm not sure if *.localhost will actually be queried from the DNS server. It might just be interpreted as localhost, which is your machine. You could however change your system's hosts file and add *.localhost entries like mywebapp.localhost with IP resolution like so:
192.168.1.23   mywebapp.localhost

The recaptcha behaves the same way on *.localhost as on your production env except that every *.localhost name is accepted as a valid hostname regardless of your recaptcha allowed domains list.
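
An added example, not part of the original thread: a server-side check of the `hostname` field in the siteverify JSON response, so that hostname checking stays in your own code when it is turned off in the reCAPTCHA settings or when dev names such as `*.localhost` are in use. The allowlist values, the function name and the sample responses are assumptions constructed for illustration.

```python
import json

# Assumption: hostnames this deployment serves; replace with your own.
ALLOWED_HOSTS = {"www.example.com"}
# Dev-only suffixes, following the *.localhost workaround from this thread.
ALLOWED_DEV_SUFFIXES = (".localhost",)


def check_siteverify(body, allow_dev=False):
    """Decide whether to accept a siteverify response body (a JSON string).

    Returns (accepted, reason) so a rejection can be logged with its cause.
    """
    try:
        data = json.loads(body)
    except ValueError:
        return False, "response is not valid JSON"
    if not isinstance(data, dict):
        return False, "response is not a JSON object"

    # Only the JSON boolean true counts; a string such as "true" is rejected.
    if data.get("success") is not True:
        codes = data.get("error-codes") or ["(none reported)"]
        return False, "token rejected: " + ", ".join(str(c) for c in codes)

    # Compare the hostname the challenge was solved on with our own list.
    host = str(data.get("hostname", "")).lower().rstrip(".")
    if host in ALLOWED_HOSTS:
        return True, "hostname %s is allowlisted" % host
    if allow_dev and (host == "localhost" or host.endswith(ALLOWED_DEV_SUFFIXES)):
        return True, "hostname %s accepted as a dev name" % host
    return False, "token was solved on unexpected hostname %r" % host


# Constructed sample responses (not captured from the service).
SAMPLE_PROD = '{"success": true, "hostname": "www.example.com"}'
SAMPLE_DEV = '{"success": true, "hostname": "mywebapp.localhost"}'
SAMPLE_LOCAL = '{"success": true, "hostname": "a.b.c.local"}'
SAMPLE_FAIL = '{"success": false, "error-codes": ["invalid-input-response"]}'

if __name__ == "__main__":
    for name, body in [("prod", SAMPLE_PROD), ("dev", SAMPLE_DEV),
                       ("local", SAMPLE_LOCAL), ("fail", SAMPLE_FAIL)]:
        print(name, check_siteverify(body, allow_dev=True))
```

Keep `allow_dev` off in production so a token solved on a `*.localhost` page is never accepted there.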

srodr...@fol.cl

Jul 8, 2016, 3:31:34 PM
to reCAPTCHA
Cool, thanks for the tip, and you are right, I was running a server for my dev environment. I'm gonna try the fix and post again if I have any luck.

Vincent Nguyen

Jul 13, 2016, 3:03:44 PM
to reCAPTCHA
This (*.local environments) appears to be working for us now.  Not sure if Google fixed it, but can anyone confirm on their own if it's working as of today?