reCaptcha widget doesn't expire and data-expired-callback never fires

[Maciej Krawczyk]

I'm integrating reCaptcha into an ajax contact form. It works... only for the first 2 minutes. reCaptcha expires after 2 minutes, but the widget doesn't change. It doesn't say "session expired" or anything like that, just "Success" and the only thing a user can do is to reload the page and try to submit the form under 2 minutes. Also the data-expired-callback doesn't fire, but data-callback works. 

The website is a test environment on a live a domain, I allow only my ip to access it, but since everything is on clientside, why would Google need to access my website in order to expire the captcha widget. It wouldn't make any sense. 

[Maciej Krawczyk]

Now I tested with explicit render of the widget and it also doesn't expire. I could handle it with a timer to reset the widget after 2 minutes, but that seems a little hacky. Any ideas what is wrong? I'd appreciate any help. If it is a problem with ip, what ip ranges should I allow to access my website?

[Maciej Krawczyk]

I made an example file as simple as possible and allowed all external IPs to access it. So it is not a problem with my code or environment. The file is this:

<html>
<head></head>

<body>

        <div id="google-recaptcha-widget"></div>

<script>
        var recaptchaLoad = function() {

                grecaptcha.render('google-recaptcha-widget', {
                        'sitekey' : 'mysitekey'
                });

        }

</script>

<script src="https://www.google.com/recaptcha/api.js?onload=recaptchaLoad&render=explicit" async defer></script>

</body></html>

[Aimane Machraa]

I am noticing the same behavior, a validated reCaptcha doesn't expire (was expiring correctly on the last week of June). It might be a change introduced in the last update that removed default support for localhost but the fact that it's not documented in the change log makes me think it is a bug rather.

[brad gianulis]

Same here. It was working previously.

Who do we notify about this? I would assume it's a known issue, but you never know.