+ Start a Discussion
Cynthia Saalfeld 43Cynthia Saalfeld 43 

Spring 17 reCAPTCHA feature how to "Verify the user's response"

I have successfully added the reCAPTCHA widget to the lead submission form after registering domain and receiving a public and private key pair. (Documentation: https://help.salesforce.com/articleView?id=customizesupport_web_to_case_enable_recaptcha.htm&type=0&language=en_US&release=206.9)
Spring'17 release note: https://releasenotes.docs.salesforce.com/en-us/spring17/release-notes/rn_sales_web_to_lead_recaptcha.htm

During testing this functionality, I observed that an individual can bypass the recaptcha and submit the form. There's no validation that requires the user to click "I'm not a robot" in order to post the data.

My question is:
How is the "Verifying the user's response" process done in Salesforce?  Ref. : https://developers.google.com/recaptcha/docs/verify  

Do I need to create an Apex Class for this?
Has anyone successfully implemented this feature.  Salesforce Support was unable to help.

Any help is greatly appreciated!
Missy LongshoreMissy Longshore
Hi Cynthia, This is a great question and is disturbing! I just checked on the idea exchange to see if others are experiencing this and it doesn't look like there's a groundswell of concern yet, but that doesn't mean it's not a problem. One idea you may have tried already is to be sure to test the form from different IP addresses and on different computers/devices. If it's still an issue post back here and we can try to get more eyeballs on this and then you could post an idea to get this fixed! Best of luck, Missy
Jamie EdwardsJamie Edwards
I just uploaded and tested the new reCAPTCHA code and it did work for me.  However, it didn't work exactly the way I thought it would.  If you fill out the form and click submit without verification you still get taken to the "Thank you" screen without any warning.  This made me think the data was sucessfully submitted to Salesforce.  However, when I looked in the "Today's Leads" view in Salesforce that data wasn't there.

Cynthia Saalfeld 9Cynthia Saalfeld 9
Thanks Missy.  I'll definately keep troubleshooting this event.
Cynthia Saalfeld 9Cynthia Saalfeld 9
Hi @Jamie Edwards, it doesn't seem that it's getting the API response mentioned here: https://developers.google.com/recaptcha/docs/verify

  "success": true|false,
  "challenge_ts": timestamp,  // timestamp of the challenge load (ISO format yyyy-MM-dd'T'HH:mm:ssZZ)
  "hostname": string,         // the hostname of the site where the reCAPTCHA was solved
  "error-codes": [...]        // optional
Linna LandauLinna Landau

One thought you may have attempted as of now is to make certain to test the frame from various IP addresses and on various PCs/gadgets. On the off chance that it's as yet an issue post back here and we can attempt to get more eyeballs on this and after that you could present a thought on get this settled!

Best regards,
Lina, essaywriter (http://cheapessaywriter.net/) .

Cynthia Saalfeld 9Cynthia Saalfeld 9
Thanks Linna.
Lori StippLori Stipp

Here's how I solved the problem of detecting whether the reCAPTCHA worked before allowing the user to click Submit.  Hope this helps.

Dustin NordquistDustin Nordquist
Lori's client-side solution is a good temporary fix, but it is not a long-term solution; bots will (and have already) figure this out. This needs to be fixed server side, which unfortunately is in Salesforce's control. There is an Idea for reCAPTCHA support in Salesforce here: https://success.salesforce.com/ideaView?id=0873A000000TuKAQA0
Kassem LamenKassem Lamen
I have the latest version of reCAPTCHA. On the front end I am using the JS library <script src='https://www.google.com/recaptcha/api.js'></script> and using PHP to validate in my blog post (https://www.kidselectrictoys.com/kids-electric-cars/) but still not work! any help please!
Yogendra JangidYogendra Jangid
you can check here on how to verify the Google reCAPTCHA, this is using the experience site to demonstrate the verification.