I use reCapcha on my local test server. Everything works fine, but I have errors:
Blocked a frame with origin "https://www.google.com" from accessing a frame with origin "http://127.0.0.1:8000". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.
And
Blocked a frame with origin "https://www.google.com" from accessing a frame with origin "http://127.0.0.1:8000". The frame requesting access has a protocol of "about", the frame being accessed has a protocol of "http". Protocols must match.
in html:
...
<script src='https://www.google.com/recaptcha/api.js'></script>
</head>
...
<div class="g-recaptcha" data-sitekey="..."></div>
How to fix that errors?
Thanks!
Even though same-origin policy blocks scripts from accessing the content of sites with a different origin, if you own both the pages, you can work around this problem using window. postMessage and its relative message event to send messages between the two pages, like this: In your main page: const frame = document.
"So reCAPTCHA's gstatic.com domain doing a triangle sync to google.com basically ensures that a user can be found/tracked if either of those domains is embedded into a website," Edwards said.
Yes! according to Google's FAQ about the reCAPTCHA you are allowed to hide the badge. However, you have to add a note in the “user flow”. You are allowed to hide the badge as long as you include the reCAPTCHA branding visibly in the user flow.
If the reCaptcha failed, then it, mostly, a bot. So no actual action is required. So it could be an ignore action - no response action at all.
If you're using an iframe, this part:
Blocked a frame with origin [url here] from accessing a frame with origin [other url here].
Means it's not going to work. Frames can't interfere with each other, or else people would be able to pilfer your data from one frame in the other one. Check out the same origin policy for more details.
You might be able to simplify things for yourself by getting rid of that mixed-protocol error though: You can access the Google files via http instead of https, so trying that may eliminate half your troubles. (You can also just use a url like this: //www.google.com/recaptcha/api.js
instead of specifying whether to use http or https.)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With