ReCaptcha Version 1 will not work on a store with SSL

Hi all,

I decided to share an issue with ReCaptcha Version 1 and SSL in case anyone faces this issue. We had customers who had SSL on their stores and had enabled ReCaptcha. After the upgrade to 3.80 the ReCaptcha stopped working. I believe this is due to the fact that the script tag generated for ReCaptcha version 1 is with http only and a mixed content error is being thrown. So we had to change to ReCaptcha Version 2, which is better of course.
I had a look at the Nop.Web.Framework.Security.Captcha.GRecaptchaControl class which defines the URL for Version 1 like this:

private const string RECAPTCHA_API_URL_VERSION1 = "http://www.google.com/recaptcha/api/challenge?k={0}";

So it will not work on sites with https://

Changing to ReCaptcha Version 2 fixes the issue.

Best Regards,
Stefan

Stefan,

thanks a lot for reporting! We'll fix it soon (work item)

Hi Stefan,

Thanks a lot again! Fixed. Please see this commit.

a.m. wrote:

is this included in 3.80 release?

pepper wrote:
No. It'll be available in version 3.90.

P.S But it's included in the "release-3.80-bug-fixes" branch (not released separately) - https://github.com/nopSolutions/nopCommerce/commits/release-3.80-bug-fixes

a.m. wrote:

Hi Andrei,

Thanks. That is great.

Best Regards,
Stefan