20

My site is using Google reCAPTCHA control but I am hearing its being block in China, Is there anyway around this I see there is some people reporting that changing the API to https://www.recaptcha.net works in China?

Anyone try this because I see it still going out to google?

string apiUrl = "https://www.recaptcha.net/recaptcha/api/siteverify?secret={0}&response={1}";

enter image description here

3 Answers3

18

As google says in his assistance page, you should use this domain "www.recaptcha.net" instead "www.google.com" on the api call.

  • First, replace src="https://www.google.com/recaptcha/api.js" with src="https://www.recaptcha.net/recaptcha/api.js"
  • After that, apply the same to everywhere else that uses "www.google.com/recaptcha/" on your site.

Obtained from: https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally

Edit: to clarify on some of the comments, while if you try it outside of china yes you do get references to gstatic.com but if you try this in china, any references to gstatic.com are replaced with gstatic.cn (don't forget to add it to your SCP). So this solution is still valid.

Eran Medan
  • 44,555
  • 61
  • 184
  • 276
Arm144
  • 721
  • 1
  • 10
  • 23
  • 6
    This used to work, but today it's not anymore. We migrated away from google recaptcha and now use Botdetect (captcha.com). – johey Jan 30 '20 at 08:51
  • Good to know. Thanks @johey – Arm144 Jan 30 '20 at 08:57
  • 1
    Tried this but the code at recaptcha.net contains a call to code at gstatic.com which contains calls to google.com. Can't see how this really helps. – Tony Smith Apr 23 '20 at 19:42
  • 1
    @TonySmith did you try it within China? it worked for me at least via a VPN (all gstatic.com calls were sent to gstatic.cn instead, which didn't seem to get blocked) – Eran Medan Dec 21 '20 at 19:45
  • Just to explicitly clarify the edit at the bottom: for the reason pointed out there, some sites that check to see if content is censored in China will falsely indicate that `recaptcha.net` is not accessible, since they resolve `gstatic.com` instead of `gstatic.cn`. – gparyani Sep 06 '21 at 02:08
4

IMHO, google things are not stable in China as it can be blocked anytime. From Baidu threads, it also mentioned that sometime google recaptcha works, sometime it doesn't. https://www.v2ex.com/t/492752 (Chinese)

In programming world ,unstable function means useless or more code for dealing with exception.

If you really need to use google recaptcha, you would better test properly using VPN (IP in China) first.

Here are some options you can consider,

  1. You can use alternative captcha

    Google will tell you various captcha.

  2. Build your own captcha

Open Source Invisible reCAPTCHA alternatives

  1. Use proxy web server(nginx) to send and receive data to or from google recaptcha
Community
  • 1
  • 1
John
  • 3,304
  • 1
  • 18
  • 26
  • 3
    Another good alternative is [hCaptcha](https://www.hcaptcha.com/). Cloudflare have a nice [blog post](https://blog.cloudflare.com/moving-from-recaptcha-to-hcaptcha/) about this as well. – JvR Aug 17 '20 at 13:59
  • @JvR You should make your comment about hCaptcha an answer by itself. – hargobind Aug 25 '20 at 08:40
  • Guys, I don't want to promote any certain service. The above option 1 already have covered "can use alternative captcha". Also be aware of that not only google but any popular service can be blocked anytime. – John Aug 27 '20 at 13:10
1

I have shared the solution to this problem by using cURL.

https://stackoverflow.com/a/63568516/11910869

cURL acts as a middle man between the client and the server. So even if google.com/recaptcha can not be accessed by the client because it is blocked by the service provider, cURL can act as the proxy to send the HTTP requests and get the response.

Manish
  • 909
  • 6
  • 15