Google ReCaptcha for Sitecore Forms

Want to protect your forms from spam and abuse? Google’s reCaptcha is your friend and is adopted as the de facto industry standard.

The Sitecore Forms Extensions module now comes with a control to support google reCaptcha.

Configuration

The recaptcha needs to be configured in the sitecore settings.

There are 2 settings to provide: the private and public key.

These keys can be obtained from recaptcha portal.

Error Message

If you want to customize or translate the error message, create a translation in your dictionary for the key “captcha.required”.

Usage

Once configured, the control can be easily added by content editors onto the form.

Just drag and drop the component from the security toolbox onto the form.

That’s it! No further settings are required.

 

29 thoughts on “Google ReCaptcha for Sitecore Forms

  1. Igor says:

    Hi,

    How can I Validate ReCaptcha submit action and assigned to submit button? Do I need to implement submit action for ReCaptcha control?

    Best regards.

    Reply
    1. bart.verdonck says:

      Hi Igor, you just need to add your recaptcha keys (public and private) in the sitecore config files during install.
      Once installed, you just need to add the component on the form, there is no need to configure submit actions.

      Reply
      1. Rizwan says:

        I am trying to check some conditions on client side JS. Is there a way to check if the captcha was valid and not missed?

        Reply
  2. Natasha says:

    Hi Bart,

    This is a great extension. Many Thanks!
    I integrated Recaptcha in my project and looks good but while submitting the form I get error “An item with the same key has already been added.” in FormBuilder\Form.cshtml. Are you familiar with this error?

    Reply
      1. dewanto adi says:

        I believe you might have solved this issue but for anyone else, if you experienced the same issue, check your field name for each field, all field should have a different name.

        Reply
        1. Saurabh says:

          Hi bart.verdonck,

          I am also facing this issue. I get this error only when i am adding recaptcha in my form, without recaptcha form is submitting successfully.

          I checked field names for each field, all have a different name.

          Could you please help?

          Reply
  3. Arvind Sabhnani says:

    Hi Bart

    We are using your recaptcha with extension module, in IE 11 it is not working as image challenge keeps coming up again and again

    In Chrome and Firefox it is working, kindly suggest how to fix in IE 11

    Reply
  4. Harish says:

    Hi Bart,
    Can you please explain, how to custom error message for this recaptcha.

    Thanks in advance !!

    Reply
  5. Davide says:

    Hi Arvind,
    first of all thanks a lot for the module, is there a way to have multiple ReCaptcha on se same page on sitecore 9.0.1 (i’ve seen that you have added it for version 2.2 (for Sitecore 9.1.x))

    Thanks in advance
    Davide

    Reply
  6. Arvind Sabhnani says:

    Hi Bart,

    We are using your module for Capthca, but Spams are not stopping.

    We are using Sitecore 9.0.2 and Forms Extension Module 1.8.1

    Kindly suggest what to do.

    thanks
    Arvind

    Reply
    1. bart.verdonck says:

      Hi Arvind, there was indeed a bug in the version for 1.x version that allowed bypassing the captcha. This has been fixed in the 2.x version.
      Unfortunatly, I will not be release any more updates for 1.x.
      The module is open source, so if you want to make an update to 1.x to secure this, have a look at the Feature.FormsExtensions.Pipelines.ExecuteSubmit.RecaptchaExecutedValidation class.
      Best Regards

      Reply
  7. Nikhil says:

    Hi bart.verdonck,

    I have updated the recaptcha key but still I am getting below when I add captcha to form.

    “https://www.google.com/recaptcha/api2/anchor?ar=1&k=my-public-key&am………..

    I have restarted the application and everything still this is coming could you please help

    Reply
  8. Nikhil says:

    Hi Bart,

    Sorry for above comment you can delete that as that is working.

    But I am getting issue which is when I add captcha to in form and add form data source to page the captcha is not getting displayed there on the page could you please help me if I am missing anything.

    Reply
  9. Saurabh says:

    Hi Bart,

    I integrated Recaptcha in my project and looks good but while submitting the form I get error “An item with the same key has already been added.” in FormBuilder\Form.cshtml. Are you familiar with this error?

    It occurs only when i am using recaptcha with submit button.

    Reply
  10. Karthik says:

    Hi

    Is there a way to validate the using the invisible google captcha V3 using the score? Any insights on this ?

    Reply
    1. bart.verdonck says:

      Hi, the module only supports google recaptcha v2. I did not add v3 because the scoring mechanism should work by implementing custom logic to your applications with different scores leading to different behaviour. This would get to complicated for a generic module.

      Reply
  11. Jennifer Rose says:

    Hello, I have set up my domain keys in Google and then added them to the config. I am getting outlines, but errors. I will check to see if there is some sort of block on the google features, but would you know why these may appear or how to go the last step?
    \App_Config\Include\Feature\FormsExtensions\Feature.FormsExtensions.Settings.config

    In IE I see an outline of the widget with the message: Invalid domain for site key.

    In Chrome I see the following: This content is blocked. Contact the site owner to fix the issue.

    Many thanks,
    Jen
    .

    Reply
    1. Jennifer Rose says:

      I was advised that our test environments would not honor the domain, hence the error. But when I add the updated config file to my cm/prod environment, the outline doesn’t even appear. The button does not drag and drop with the gray outline as it did in our QA area. Does it matter if prod is multi server and qa is single server? Are there basic installation steps that could have been missed? File Upload, raw html, password, all work fine… I’ll peruse the bug area that you refer to in other posts as well. But any ideas are welcome.

      Reply
      1. Jennifer Rose says:

        It turned out we had implemented an iframe policy and the google recaptcha sites were not allowed in. Now I have the widget appearing but as of yet am struggling with a difference in behavior in single server vs. mutli server environments. I can see the recaptcha in single server, but not in our prod. Inspections of code show all sorts of differences.

        One notable difference is in the “good” version, the code shows this:

        and the bad version has this code:

        I hope this will help me identify if there are different versions in play or something altogether different.

        Reply
        1. Jennifer Rose says:

          onload=loadCallback –good

          vs.

          onload=loadReCaptchas –bad

          Reply
  12. Divya Ruhela says:

    Hi Bart

    We have the requirement where recaptcha will only be displayed if user is detected as robot, which means when user submit the form couple of times then recaptcha will be displayed on the form.
    We are using Sitecore 9.1 and Form extension 2.2.1. Any suggestion for above feature will be really appreciated

    Thanks in advance
    Divya Ruhela

    Reply
    1. bart.verdonck says:

      Hi, I haven’t tried this and I see several aproaches but they will all require some custom code. One possibility is to change the recaptcha component itself and build in some logic there to only show it when the user is detected as a robot. The other aproach is to write a condition and use Sitecore’s conditional form field rendering.

      Reply
  13. Maria says:

    Hi Bart,
    I keep getting this error:
    Refused to load the script ‘https://www.google.com/recaptcha/api.js?onload=loadReCaptchas&render=explicit&hl=en’ because it violates the following Content Security Policy directive:
    Can you please help what kind of CSP we need to have for this ?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *