问题
am trying to validate the recaptcha using some js code but am getting some permission Errors "Access is Denied" Is it possible to achieve the validation using the javascript validation code alongside ajax across multiple browsers.
<script type="text/javascript">
$(document).ready(function() {
Recaptcha.create("var_public_key", recaptchadiv, {
theme: "clean",
callback: Recaptcha.focus_response_field
});
});
function submitFormData() {
var urlString = "http://www.google.com/recaptcha/api/verify";
var params = encodeURI("remoteip=" + $("#userIp").val() +"&privatekey=" + var_private_key + "&challenge=" + Recaptcha.get_challenge() + "&response=" +
Recaptcha.get_response());
params = encodeURI(params);
var status = document.getElementById("status");
status.className = "";
status.innerHTML = "<b>Submitting your data. Please wait...</b>";
var html = $.ajax({
type: "POST",
url: urlString + "?" + params,
async: false
}).responseText;
alert("ResponseText: " + html + ", Recaptcha.responseText: " + Recaptcha.responseText);
var result = html.split("\n")[0];
if (result == "true") {
status.innerHTML = " ";
return true;
}
else {
status.className = "GlobalErrorText";
status.innerHTML = "Your captcha is incorrect. Please try again";
Recaptcha.reload();
return false;
}
}
</script>
回答1:
@Boug is right, this is called cross site ajax request, you can see this question to see if you can a find a solution Cross-site AJAX requests but....
I think putting your private key for recaptcha in javascript is a vulnerability, recaptcha should be validated on Server Side code, this question contain useful links about how to implement recaptcha in Asp.Net MVC How to implement reCaptcha for ASP.NET MVC? I used this approach and it works perfectly http://www.dotnetcurry.com/ShowArticle.aspx?ID=611&AspxAutoDetectCookieSupport=1
回答2:
You are getting permission error because your ajax code is trying to access a script on a different site (google) as your script. From what I know, I dont think you can do cross site Ajax calls for security reasons
回答3:
The question has already been answered. But, here's some added code that will work in ASP.NET WebForms, which enables you to make a local AJAX request to the page w/ the reCaptcha control, then do server-side captcha validation. The page's web method will return true/false.
I got this code from mindfire solutions, but added the execution of JS functions in the Ajax success callback b/c Ajax is making async callbacks.
Javascript:
<script type="text/javascript">
$(function(e) {
$("#submit").click(function() { // my button is type=button, not type=submit
// I'm using jQuery validation and want to make sure page is valid before making Ajax request
if ( $("#aspnetForm").valid() ) {
validateCaptcha(); // or validateCaptchaJson() if you want to use Json
} // end If ($("#aspnetForm").valid())
}); // end $("#submit").click()
}); // end $(function(e)
function validateCaptcha() {
// Individual string variables storing captcha values
var challengeField = $("input#recaptcha_challenge_field").val();
var responseField = $("input#recaptcha_response_field").val();
// Ajax post to page web method that will do server-side captcha validation
$.ajax({
type: "POST",
url: "page.aspx/ValidateCaptcha",
data: "recaptcha_challenge_field=" + challengeField + "&recaptcha_response_field=" + responseField,
async: false
success: function(msg) {
if(msg.d) { // Either true or false, true indicates CAPTCHA is validated successfully.
// this could hide your captcha widget
$("#recaptcha_widget_div").html(" ");
// execute some JS function upon successful captcha validation
goodCaptcha();
} else {
// execute some JS function upon failed captcha validation (like throwing up a modal indicating failed attempt)
badCaptcha();
// don't forget to reload/reset the captcha to try again
Recaptcha.reload();
}
return false;
}
});
}
function validateCaptchaJson() {
// JavaScript object storing captcha values
var captchaInfo = {
challengeValue: Recaptcha.get_challenge(),
responseValue: Recaptcha.get_response()
};
// Ajax post to page web method that will do server-side captcha validation
$.ajax({
type: "POST",
url: "page.aspx/ValidateCaptcha",
data: JSON.stringify(captchaInfo), // requires ref to JSON (http://www.JSON.org/json2.js)
contentType: 'application/json; charset=utf-8',
dataType: 'json',
success: function(msg) {
if(msg.d) { // Either true or false, true indicates CAPTCHA is validated successfully.
// this could hide your captcha widget
$("#recaptcha_widget_div").html(" ");
// execute some JS function upon successful captcha validation
goodCaptcha();
} else {
// execute some JS function upon failed captcha validation (like throwing up a modal indicating failed attempt)
badCaptcha();
// don't forget to reload/reset the captcha to try again
Recaptcha.reload();
}
return false;
}
});
}
</script>
Page's Web Method (VB.NET):
<WebMethod()> _
Public Shared Function ValidateCaptcha(ByVal challengeValue As String, ByVal responseValue As String) As Boolean
' IDEA: Get Private key of the CAPTCHA from Web.config file.
Dim captchaValidtor As New Recaptcha.RecaptchaValidator() With { _
.PrivateKey = "your_private_key_goes_here", _
.RemoteIP = HttpContext.Current.Request.UserHostAddress, _
.Challenge = challengeValue, _
.Response = responseValue _
}
' Send data about captcha validation to reCAPTCHA site.
Dim recaptchaResponse As Recaptcha.RecaptchaResponse = captchaValidtor.Validate()
' Get boolean value about Captcha success / failure.
Return recaptchaResponse.IsValid
End Function
来源:https://stackoverflow.com/questions/6082650/javascript-jquery-or-ajax-version-of-recaptcha-validate