Noscript reCaptcha problem
2,154 views
Skip to first unread message
Mike B
Jun 10, 2011, 12:01:15 PM6/10/11
to reCAPTCHA
It's really unfortunate that although sorting out the JS version of
recaptcha for ~99% of my users was so easy it's going to be so
difficult to sort out recaptcha for those without JS - due to the copy
and style there is no way that I can use the official noscript version
of recaptcha on my site.
I understand it's always hardest to cater for the smallest group of
your users, 80-20 principle and all that, so we need solutions and
I've not really seen anyone talking about possibilities - just a lot
of bitching.
I think I will just stick the captcha image and stuff manually in the
form. Unfortunately this means if the user wants a different captcha
they need to reload the entire page, so keeping any form entries means
posting them and rewriting them in, but I might just get around that
by putting it at the start of the form so the user fills it out before
entering any details
Alternatively you could Put in an IFrame directed to your own page and
do a similar thing to the official noscript frame but have control
over the style and copy.
recaptcha for ~99% of my users was so easy it's going to be so
difficult to sort out recaptcha for those without JS - due to the copy
and style there is no way that I can use the official noscript version
of recaptcha on my site.
I understand it's always hardest to cater for the smallest group of
your users, 80-20 principle and all that, so we need solutions and
I've not really seen anyone talking about possibilities - just a lot
of bitching.
I think I will just stick the captcha image and stuff manually in the
form. Unfortunately this means if the user wants a different captcha
they need to reload the entire page, so keeping any form entries means
posting them and rewriting them in, but I might just get around that
by putting it at the start of the form so the user fills it out before
entering any details
Alternatively you could Put in an IFrame directed to your own page and
do a similar thing to the official noscript frame but have control
over the style and copy.
PJH
Jun 10, 2011, 12:12:25 PM6/10/11
to reca...@googlegroups.com
On Fri, Jun 10, 2011 at 5:01 PM, Mike B <mpb...@gmail.com> wrote:
> so keeping any form entries means
> posting them and rewriting them in,
> so keeping any form entries means
> posting them and rewriting them in,
Since you should be POSTing the form entries anyway, what's to stop
you from doing that server side?
e.g.: http://www.spectrum-nashville.com/reCAPTCHA/demo.php
--
PJH
Mike B
Jun 11, 2011, 3:18:08 AM6/11/11
to reCAPTCHA
That example uses the default code which includes an iframe for non-js
with the text -
"We need to make sure you are a human. Please solve the challenge
below, and click the I'm a Human button to get a confirmation code. To
make this process easier in the future, we recommend you enable
Javascript."
- in a large serif font. But you're right it's being posted so the
form entries can be kept.
What I'm wondering now is whether there is an API call where I can
send my public key and I just get a challenge key in return, so far
the only option I know of is either to get http://api.recaptcha.net/noscript?k=
or http://api.recaptcha.net/challenge?k= and scrape out the
challenge key from there, I can't see a way of just requesting a
challenge.
with the text -
"We need to make sure you are a human. Please solve the challenge
below, and click the I'm a Human button to get a confirmation code. To
make this process easier in the future, we recommend you enable
Javascript."
- in a large serif font. But you're right it's being posted so the
form entries can be kept.
What I'm wondering now is whether there is an API call where I can
send my public key and I just get a challenge key in return, so far
the only option I know of is either to get http://api.recaptcha.net/noscript?k=
or http://api.recaptcha.net/challenge?k= and scrape out the
challenge key from there, I can't see a way of just requesting a
challenge.
tom
Jun 12, 2011, 11:10:56 AM6/12/11
to reCAPTCHA
A simple solution that Google could consider is to add parameters to
the API/service at
http://api.recaptcha.net/noscript
so the client can pass style information. For example, a parameter
with value that is a link to a style sheet:
http://api.recaptcha.net/noscript?k=mykey&ss=http%3A%2F%2Fmy.domaon.net%2Frecap.css
Or (or and/or) a parameter with a value that is a string of style
rules:
http://api.recaptcha.net/noscript?k=mykey&sr=p%20%7Bfont-size%3A10px%7D%20a%20%7Bcolor%3Ared%7D
In the first example, the returned page (that you use as iframe
contents) would include a link to the style sheet at http://my.domaon.net/recap.css.
In the second example, the returned page would include style rules p
{font-size:10px} a {color:red} in its html head. If Google were to do
this, they should make the markup more amenable to custom styling.
I know Google wants to push everyone to use JS, and they have the
muscle to push pretty hard, but I don't want to be part of that. If
the user doesn't want to use JS, I don't want to berate her or him
with "To make this process easier in the future, we recommend you
enable Javascript." And I want the page to look decent with JS turned
off.
the API/service at
http://api.recaptcha.net/noscript
so the client can pass style information. For example, a parameter
with value that is a link to a style sheet:
http://api.recaptcha.net/noscript?k=mykey&ss=http%3A%2F%2Fmy.domaon.net%2Frecap.css
Or (or and/or) a parameter with a value that is a string of style
rules:
http://api.recaptcha.net/noscript?k=mykey&sr=p%20%7Bfont-size%3A10px%7D%20a%20%7Bcolor%3Ared%7D
In the first example, the returned page (that you use as iframe
contents) would include a link to the style sheet at http://my.domaon.net/recap.css.
In the second example, the returned page would include style rules p
{font-size:10px} a {color:red} in its html head. If Google were to do
this, they should make the markup more amenable to custom styling.
I know Google wants to push everyone to use JS, and they have the
muscle to push pretty hard, but I don't want to be part of that. If
the user doesn't want to use JS, I don't want to berate her or him
with "To make this process easier in the future, we recommend you
enable Javascript." And I want the page to look decent with JS turned
off.
Mike B
Jun 13, 2011, 4:48:52 AM6/13/11
to reCAPTCHA
Those would make it the easiest to implement.
I now want to get the challenge key so I can make my own form for the
captcha submission. Is there not a lower level api for use in non-
browser applications? If I wanted to put a captcha into a smart phone
application I would probably want to just fetch the image, in this
case I guess I will have to scrape the challenge from one of the two
higher level api requests for challenges.
On Jun 12, 4:10 pm, tom <f...@thefsb.org> wrote:
> A simple solution that Google could consider is to add parameters to
> the API/service at
>
> http://api.recaptcha.net/noscript
>
> so the client can pass style information. For example, a parameter
> with value that is a link to a style sheet:
> http://api.recaptcha.net/noscript?k=mykey&ss=http%3A%2F%2Fmy.domaon.n...
I now want to get the challenge key so I can make my own form for the
captcha submission. Is there not a lower level api for use in non-
browser applications? If I wanted to put a captcha into a smart phone
application I would probably want to just fetch the image, in this
case I guess I will have to scrape the challenge from one of the two
higher level api requests for challenges.
On Jun 12, 4:10 pm, tom <f...@thefsb.org> wrote:
> A simple solution that Google could consider is to add parameters to
> the API/service at
>
> http://api.recaptcha.net/noscript
>
> so the client can pass style information. For example, a parameter
> with value that is a link to a style sheet:
>
> Or (or and/or) a parameter with a value that is a string of style
> rules:
>
> http://api.recaptcha.net/noscript?k=mykey&sr=p%20%7Bfont-size%3A10px%...
> Or (or and/or) a parameter with a value that is a string of style
> rules:
>
>
> In the first example, the returned page (that you use as iframe
> contents) would include a link to the style sheet athttp://my.domaon.net/recap.css.
> In the first example, the returned page (that you use as iframe
International Importers
Jun 17, 2011, 2:18:22 AM6/17/11
to reCAPTCHA
I agree. The noscript challenge actually functions better, allowing
clients to know they've solved the challenge before the form submits
(and possibly loses information).
It also makes much less work for the server, and provides more
security server-side too.
If only we could add style information to the no-script version, and
get rid of the enable javascript message, I would drop the JS version
altogether.
clients to know they've solved the challenge before the form submits
(and possibly loses information).
It also makes much less work for the server, and provides more
security server-side too.
If only we could add style information to the no-script version, and
get rid of the enable javascript message, I would drop the JS version
altogether.
Mike B
Jun 17, 2011, 3:51:54 AM6/17/11
to reCAPTCHA
I've created a separate noscript version where my server requests the
api/noscript and then just scrapes the challenge code from that page,
I then use this on the api/image?c= query to get the image, you can
then just verify as normal and have complete control over the style.
If you're trying to keep server load down however you might not be
interested...
On Jun 17, 7:18 am, International Importers <intnl.impo...@gmail.com>
wrote:
api/noscript and then just scrapes the challenge code from that page,
I then use this on the api/image?c= query to get the image, you can
then just verify as normal and have complete control over the style.
If you're trying to keep server load down however you might not be
interested...
On Jun 17, 7:18 am, International Importers <intnl.impo...@gmail.com>
wrote:
Reply all
Reply to author
Forward
0 new messages