hCaptcha : CORS error even if I've added a local DN in my Ubuntu host file

Question

Summary

1. Context
2. The problem
   1. Expected behavior
   2. Actual behavior
3. What I've tried
4. Clues to help you to help me
5. Final question

---

Context

I'm trying to locally test on Chromium hCaptcha, set on a form. My Laravel 8 site is running thanks to php artisan serve --host=myhost.

The problem

Expected behavior

I open the form page, hCaptcha shows no error and actually shows the captcha.

Actual behavior

• I go to the form page which contains the hCaptcha widget. (I don't click on the button "Send Form": I actually just go to the form page). The hCaptcha widget doesn't show the captcha but instead shows this error message:

  Limited rate or network error. Please retry.

• I open the Chromium console.

  • In the network tab: I can see this error request (its status = CORS error): https://hcaptcha.com/checksiteconfig?host=myhost&sitekey=XYZ&sc=1&swa=1 (with Referrer Policy: strict-origin-when-cross-origin). Its OPTIONS POST request's status is 200;

  • In the console tab:

  Access to XMLHttpRequest at 'https://hcaptcha.com/checksiteconfig?host=myhost&sitekey=XYZ&sc=1&swa=1' from origin 'https://newassets.hcaptcha.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

  hcaptcha-checkbox.js:1 GET https://hcaptcha.com/checksiteconfig?host=myhost&sitekey=XYZ&sc=1&swa=1 net::ERR_FAILED

What I've tried

I've followed the hCaptcha documentation: https://docs.hcaptcha.com/#local-development. Note that I actually followed this doc which is about the vanilla hCaptcha (i.e.: I don't use any Laravel/Blade's implementation of hCaptcha). Thus:

1. Ive typed cat /etc/host:

127.0.0.1 localhost 127.0.1.1 myhost

2. I run my PHP server that serves my Laravel site with: php artisan serve --host=myhost

3. I open my Laravel site with this URL: http://myhost:8000/contact

Clues to help you to help me

I've seen that the hCaptcha docs speak about 127.0.0.1 as you can read it: 127.0.0.1 test.mydomain.com. In my own Ubuntu etc/host I see: 127.0.1.1 myhost myhost(127.0.***1***.1).myhostis actually the host I use so I actually use127.0.1.1instead of127.0.0.1`.

So: perhaps the hCaptcha client must be configured to use 127.0.1.1 instead of 127.0.0.1?

Final question

What could I do to reach the expected behavior from the actual one?

Answer 1

From the hCaptcha documentation:

Modern browsers have strict CORS and CORB rules, so opening a file://URI that loads hCaptcha will not work. Loading hCaptcha from http://localhost/ will encounter the same issue on some browsers. The hCaptcha API also prohibits localhost and 127.0.0.1 as supplied hostnames.

The simplest way to circumvent these issues is to add a hosts entry. For example:

127.0.0.1 test.mydomain.com

Place this in /etc/hosts on Linux, /private/etc/hosts on Mac OS X, or C:\Windows\System32\Drivers\etc\hosts on Windows.

You can then access your local server via http://test.mydomain.com, and everything will work as expected.

Answer 2

Problem was solved by adding this entry in /etc/host (Ubuntu):

127.0.2.1 myhost.local

Of course now I run my site with:

php artisan serve --host=myhost.local

I didn't change anything else. I don't know why it works now. If someone knowing well hCaptcha could explain why it fixed my problem it would be pretty cool :-) .

Edit:

NB: please read the part "What I've tried" in the OP (which is anterior to this answer). The unique difference seems: ".2." in the IP. The type of comment to this answer that would explain why this answer works would be rather "network" than "programming", I think.