1

I am having problems trying to use the <p:captcha>. I am getting the following error in FireFox v34.0.5:

Blocked loading mixed active content "http://www.google.com/recaptcha/api/challenge?k=xxxxxxxxxxxxxxxxxxxxxxxxx"

The check button is showing but not the captcha image

My applications is hosted in a secure (HTTPS) server but seems the captcha is connecting to a non secure server using HTTP

This is my web.xml file:

<context-param>
    <param-name>primefaces.PUBLIC_CAPTCHA_KEY</param-name>
    <param-value><xxxxx_recaptcha_generated_public_captcha_key></param-value>
</context-param>
<context-param>
    <param-name>primefaces.PRIVATE_CAPTCHA_KEY</param-name>
    <param-value><xxxxx_recaptcha_generated_private_captcha_key></param-value>
</context-param>

And my view file (forgottenOPassword.xhtml):

<p:captcha label="Captcha" rendered="#{passBB.showCaptcha}"/>

<p:commandButton actionListener="#{passBB.verifyCaptcha}"
                 ajax="false" 
                 icon="ui-icon-check"
                 rendered="#{passBB.showCaptcha}"
                 value="Check"/>
John Alexander Betts
  • 4,718
  • 8
  • 47
  • 72

1 Answers1

2

Set the secure attribute of <p:captcha> to true. See also VDL documentation: "Enables https support".

<p:captcha ... secure="true" />

Or if you'd like to let it depend on the current request (e.g. when you've 2 versions of the webapp and the captcha is placed in some reusable tagfile/component), then check HttpServletRequest#isSecure() instead:

<p:captcha ... secure="#{request.secure}" />

Either way, if it evaluates to true, then the CaptchaRenderer will use https instead of http.

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555