Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

Google ReCaptcha not working

We ave added the ReCaptcha. If you see the page, seems to be all right. But in effect the protection is inactive.

Added in
    <script src="" async defer></script>

Added in
                    <div class="g-recaptcha" data-sitekey="OURKEY"></div>

Any solution to this problem?

We must protect the system from Bots!


  • Sorry, just to clarify, you're getting fake tickets via the webform, despite the Captcha? so you've added Google's ReCaptcha, and that isn't working.

    Surely those are just the client-facing form files? How are you verifying the response from Google?  You need to intercept the form and verify the JSON from Google, then allow/deny the form.

  • Grizly, please try this

    If you don't touch the recaptcha, the form is already sent.
    I have tested the messages from/to Google and this works.
  • I'll say it again, but in a different way, you've only done the first half.

    Read the link I posted above, it's literally step two of implementing it yourself and starts:

    "This page explains how to verify a user's response to a reCAPTCHA challenge from your application's backend. When a reCAPTCHA is solved by end user, we will return a user response token.

    It doesn't even try to prevent the form being sent!

    If you were a bot writer, would you bother implementing a full JavaScript stack if it worked fine without JavaScript?
Sign In or Register to comment.