Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Blocked frame in reCapcha

I use reCapcha on my local test server. Everything works fine, but I have errors:

Blocked a frame with origin "https://www.google.com" from accessing a frame with origin "http://127.0.0.1:8000".  The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.

And

Blocked a frame with origin "https://www.google.com" from accessing a frame with origin "http://127.0.0.1:8000".  The frame requesting access has a protocol of "about", the frame being accessed has a protocol of "http". Protocols must match.

in html:

...
<script src='https://www.google.com/recaptcha/api.js'></script>
</head>
...
<div class="g-recaptcha" data-sitekey="..."></div>

How to fix that errors?

Thanks!

like image 983
Lev Avatar asked Nov 25 '14 16:11

Lev


People also ask

How do you resolve a blocked frame with origin from accessing a cross origin frame?

Even though same-origin policy blocks scripts from accessing the content of sites with a different origin, if you own both the pages, you can work around this problem using window. postMessage and its relative message event to send messages between the two pages, like this: In your main page: const frame = document.

What is Gstatic reCAPTCHA?

"So reCAPTCHA's gstatic.com domain doing a triangle sync to google.com basically ensures that a user can be found/tracked if either of those domains is embedded into a website," Edwards said.

Can you hide reCAPTCHA badge?

Yes! according to Google's FAQ about the reCAPTCHA you are allowed to hide the badge. However, you have to add a note in the “user flow”. You are allowed to hide the badge as long as you include the reCAPTCHA branding visibly in the user flow.

What happens when reCAPTCHA v3 fails?

If the reCaptcha failed, then it, mostly, a bot. So no actual action is required. So it could be an ignore action - no response action at all.


1 Answers

If you're using an iframe, this part:

Blocked a frame with origin [url here] from accessing a frame with origin [other url here].

Means it's not going to work. Frames can't interfere with each other, or else people would be able to pilfer your data from one frame in the other one. Check out the same origin policy for more details.

You might be able to simplify things for yourself by getting rid of that mixed-protocol error though: You can access the Google files via http instead of https, so trying that may eliminate half your troubles. (You can also just use a url like this: //www.google.com/recaptcha/api.js instead of specifying whether to use http or https.)

like image 71
rabdill Avatar answered Sep 27 '22 22:09

rabdill