reCAPTCHA v2 on Android, noscript fallback broken

[Floens]

Dear developers of recaptcha,

My Android app is Clover (http://floens.github.io/Clover/), it's an open-source app for browsing and posting to 4chan. 4chan requires the users to fill in a captcha before posting.

ReCAPTCHA v2 has never been "officially" supported on Android by Google.

Clover uses the noscript fallback (https://developers.google.com/recaptcha/docs/faq#no_js) to post, by loading the noscript page and getting the image/token out of the received html. This method has been broken before, but I have always been able to slightly fix it by changing the User Agent and such.

A recent change in the noscript fallback of ReCAPTCHA v2 broke the my Android implementation, and my users now see an impossible to solve captcha, instead of something easier to solve (a single word):

I never implemented the JavaScript version of Clover because I anticipated it to not work. Can I get any feedback on this? Since the system has been broken in the past, I'd like to use a more reliable method

I look forward to your response.

[Recaptcha Captcha]

Hi, Floens

Thanks for reaching out to us!

It looks like Clover app requests the reCAPTCHA challenges on behalf of 4chan users from browser? If yes, reCAPTCHA doesn't support this case because it may cause the man-in-the-middle attack. In general, the CAPTCHA widget should get hosted on the site owner's page. It would be better if you can make Clover the official 4chan Android app, then we can work with 4Chan and you to make reCAPTCHA work well on Clover (not only fallback but all).

--
You received this message because you are subscribed to the Google Groups "reCAPTCHA" group.
To unsubscribe from this group and stop receiving emails from it, send an email to recaptcha+...@googlegroups.com.
To post to this group, send email to reca...@googlegroups.com.
Visit this group at http://groups.google.com/group/recaptcha.
For more options, visit https://groups.google.com/d/optout.

--

reCAPTCHA: stop spam, read books
http://www.google.com/recaptcha

[Floens]

Thank you for your response.

After your response I have created a testing page on my own domain, and created a test app on Android. The app has a WebView and loads a special url on my domain. Then I created a JavaScript binding between the two and got verifying working.

See floens org/captcha/ for the html I used.

Is this code that 4chan.org should have on a special page correct?

I hope you don't mind, but 4chan has stated before that they do not want an official app, nor do I want to make Clover official. Can we still work on a solution? I don't mind contacting 4chan myself.

Again, thank you for your help.

[jigar ladhava]

Hello

Noscript version is not working.always giving "try again".

here is the test page.same problem happening with my other domains too.

http://recaptcha2.autoclickers.org/