![]() ![]() Please contact your integration support engineers for guidance if you have additional questions. Test Key Set: Enterprise Account (Bot Detected) Test parameterįor hCaptcha Enterprise users, the two keypairs above will allow you to verify your application behavior in the most common score scenarios. Test Key Set: Enterprise Account (Safe End User) Test parameter If you are an Enterprise customer, please instead use the test keypairs below to ensure you are consuming score and other Enterprise siteverify fields. ![]() The siteverify response will have the fields found in Publisher and Pro accounts. This keypair will never challenge and always produce the same response token, which will return success: true when passed to the endpoint with this secret. ![]() The test keys provide no anti-bot protection, so please double-check that you use them only in your test environment! Test Key Set: Publisher or Pro Account Test parameterĠx0000000000000000000000000000000000000000 The simplest way to circumvent these issues is to add a hosts entry. The hCaptcha API also prohibits localhost and 127.0.0.1 as supplied hostnames. Loading hCaptcha from will encounter the same issue on some browsers. Modern browsers have strict CORS and CORB rules, so opening a file://URI that loads hCaptcha will not work. If you are developing on your local machine there are a few things to keep in mind. The sitekey is not registered with the provided secret. You have used a testing sitekey but have not used its matching secret. The response parameter has already been checked, or has another issue. The response parameter (verification token) is invalid or malformed. The response parameter (verification token) is missing. These are the error codes that can be returned by the hCaptcha API: Error Code Additionally, in the event that your site experiences unusually high challenge traffic, the hostname field may be returned as "not-provided" rather than the usual value all other fields will return their normal values. Please also note that the hostname field is derived from the user's browser, and should not be used for authentication of any kind it is primarily useful as a statistical metric. Please note that the credit field is not always included, and is scheduled for deprecation in Q3 2023. (See /enterprise for details on hCaptcha Enterprise features like bot scores, passive and nearly passive "No-CAPTCHA" modes, and more.) The must be loaded via HTTPS and can be placed anywhere on the page. First, you must include the hCaptcha javascript resource somewhere in your HTML page. HCaptcha requires two small pieces of client side code to render a captcha widget on an HTML page. unsafe-eval and unsafe-inline should include, Add the hCaptcha Widget to your Webpage .If you are an enterprise customer and would like to enable additional verification to be performed, you can optionally choose the following CSP strategy: connect-src should include, Please do not hard-code specific subdomains, like, into your CSP: asset subdomains used may vary over time or by region.If you use CSP headers, please add the following to your configuration: Pretty simple! Request Flow Content-Security-Policy Settings Ĭontent Security Policy (CSP) headers are an added layer of security that help to mitigate certain types of attacks, including Cross Site Scripting (XSS), clickjacking, and data injection attacks. Your server now knows the user is not a bot and lets them log in. Your server then checks that passcode with the hCaptcha server API. When the user clicks Submit the passcode is sent to your server in the form. They get a passcode from our server that is embedded in your form. You embed the hCaptcha widget on your site. Custom data attributes like theme, size, and tab-index are also supported in the same way by hCaptcha. hCaptcha methods are API-compatible with reCAPTCHA methods, for example render() and onload(). If you're already using Google's reCAPTCHA, you can use your existing code with a few slight changes. To make integration even quicker, wrappers and plugins are available for many frameworks: Angular, Node, Express, ReactJS, VueJS, WordPress and more.Ī complete list of known hCaptcha integrations is also available. It requires either adding some simple HTML and server side code, or using one of the many tools that natively support hCaptcha. The hCaptcha widget can protect your applications from bots, spam, and other forms of automated abuse. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |