gpt4 book ai didi

node.js - reCAPTCHA - 验证用户响应时的错误代码 : 'missing-input-response' , 'missing-input-secret'(缺少 POST 详细信息)

转载 作者:行者123 更新时间:2023-12-03 21:14:30 26 4
gpt4 key购买 nike

我正在设置 invisible reCAPTCHA在我的 Web 应用程序中并且无法验证用户的响应。 (即使我传递了正确的 POST 参数)

我通过调用 grecaptcha.execute(); 以编程方式调用挑战在客户端。然后使用recaptcha回调提交表单( registrationForm.submit(); ):

<div class="g-recaptcha"
data-sitekey="SITE_KEY"
data-callback="onSubmit"
data-size="invisible">
</div>

现在读完 "Verifying the user's response"文档,我认为响应 token 作为 POST 参数传递给 g-recaptcha-response :

For web users, you can get the user’s response token in one of three ways:

  • g-recaptcha-response POST parameter when the user submits the form on your site
  • ...


所以我正在使用 Fetch在服务器端创建一个 POST 请求到 verification endpoint使用所需的 body 数据:

verify(req, res, next) {
const VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

return fetch(VERIFY_URL, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
secret: process.env.RECAP_INVIS_SECRET_KEY,
response: req.body['g-recaptcha-response'],
}),
})
.then(response => response.json())
.then(data => {
res.locals.recaptcha = data;
return next();
});
}

但我不断收到以下回复:

{ success: false, error-codes: [ 'missing-input-response', 'missing-input-secret' ] }



即使我在 POST 正文中将响应和 secret 作为 JSON 数据传递。

难道我做错了什么?问候。

最佳答案

做一些研究和挖掘 reCaptcha Google forums ,看来这个端点只接受默认的内容类型; application/x-www-form-urlencoded .
这意味着你应该 不是 使用 JSON 发送您的响应 token 和站点 key 。相反,将值发送为 application/x-www-form-urlencoded定义:

Forms submitted with this content type must be encoded as follows:

  1. Control names and values are escaped. Space characters are replaced by '+', and then reserved characters are escaped as described in [RFC1738], section 2.2: Non-alphanumeric characters are replaced by '%HH', a percent sign and two hexadecimal digits representing the ASCII code of the character. Line breaks are represented as "CR LF" pairs (i.e., '%0D%0A').
  2. The control names/values are listed in the order they appear in the document. The name is separated from the value by '=' and name/value pairs are separated from each other by '&'.

因此,您有两种方法可以做到这一点,通过 URL(查询字符串)传递 POST 参数并将其作为 POST 请求发送:
https://www.google.com/recaptcha/api/siteverify?secret=${SECRET_KEY}&response=${req.body['g-recaptcha-response']}
或手动将数据附加到正文,如下所示:
verify(req, res, next) {
const VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

return fetch(VERIFY_URL, {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: `secret=${SECRET_KEY}&response=${req.body['g-recaptcha-response']}`,
})
.then(response => response.json())
.then(data => {
res.locals.recaptcha = data;
return next();
});
}
谷歌官方文档可以在这里找到:
Recaptcha - Verifying the user's response.

关于node.js - reCAPTCHA - 验证用户响应时的错误代码 : 'missing-input-response' , 'missing-input-secret'(缺少 POST 详细信息),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52416002/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com