Google ReCaptcha for Sitecore Forms

Want to protect your forms from spam and abuse? Google’s reCaptcha is your friend and is adopted as the de facto industry standard.

The Sitecore Forms Extensions module now comes with a control to support google reCaptcha.

Configuration

The recaptcha needs to be configured in the sitecore settings.

There are 2 settings to provide: the private and public key.

These keys can be obtained from recaptcha portal.

Error Message

If you want to customize or translate the error message, create a translation in your dictionary for the key “captcha.required”.

Usage

Once configured, the control can be easily added by content editors onto the form.

Just drag and drop the component from the security toolbox onto the form.

That’s it! No further settings are required.

 

29 Responses to “Google ReCaptcha for Sitecore Forms”

Author's gravatar

Hi,

How can I Validate ReCaptcha submit action and assigned to submit button? Do I need to implement submit action for ReCaptcha control?

Best regards.

    Author's gravatar

    Hi Igor, you just need to add your recaptcha keys (public and private) in the sitecore config files during install.
    Once installed, you just need to add the component on the form, there is no need to configure submit actions.

      Author's gravatar

      I am trying to check some conditions on client side JS. Is there a way to check if the captcha was valid and not missed?

Author's gravatar

Hi Bart,

This is a great extension. Many Thanks!
I integrated Recaptcha in my project and looks good but while submitting the form I get error “An item with the same key has already been added.” in FormBuilder\Form.cshtml. Are you familiar with this error?

    Author's gravatar

    Hi,
    I have the same problem.
    Did anyone solved this?

      Author's gravatar

      I believe you might have solved this issue but for anyone else, if you experienced the same issue, check your field name for each field, all field should have a different name.

        Author's gravatar

        Hi bart.verdonck,

        I am also facing this issue. I get this error only when i am adding recaptcha in my form, without recaptcha form is submitting successfully.

        I checked field names for each field, all have a different name.

        Could you please help?

Author's gravatar

Hi Bart

We are using your recaptcha with extension module, in IE 11 it is not working as image challenge keeps coming up again and again

In Chrome and Firefox it is working, kindly suggest how to fix in IE 11

Author's gravatar

Hi Bart,
Can you please explain, how to custom error message for this recaptcha.

Thanks in advance !!

Author's gravatar

Hi Arvind,
first of all thanks a lot for the module, is there a way to have multiple ReCaptcha on se same page on sitecore 9.0.1 (i’ve seen that you have added it for version 2.2 (for Sitecore 9.1.x))

Thanks in advance
Davide

Author's gravatar

Hi Bart,

We are using your module for Capthca, but Spams are not stopping.

We are using Sitecore 9.0.2 and Forms Extension Module 1.8.1

Kindly suggest what to do.

thanks
Arvind

    Author's gravatar

    Hi Arvind, there was indeed a bug in the version for 1.x version that allowed bypassing the captcha. This has been fixed in the 2.x version.
    Unfortunatly, I will not be release any more updates for 1.x.
    The module is open source, so if you want to make an update to 1.x to secure this, have a look at the Feature.FormsExtensions.Pipelines.ExecuteSubmit.RecaptchaExecutedValidation class.
    Best Regards

Author's gravatar

Hi bart.verdonck,

I have updated the recaptcha key but still I am getting below when I add captcha to form.

“https://www.google.com/recaptcha/api2/anchor?ar=1&k=my-public-key&am………..

I have restarted the application and everything still this is coming could you please help

Author's gravatar

Hi Bart,

Sorry for above comment you can delete that as that is working.

But I am getting issue which is when I add captcha to in form and add form data source to page the captcha is not getting displayed there on the page could you please help me if I am missing anything.

Author's gravatar

Hi Bart,

I integrated Recaptcha in my project and looks good but while submitting the form I get error “An item with the same key has already been added.” in FormBuilder\Form.cshtml. Are you familiar with this error?

It occurs only when i am using recaptcha with submit button.

Author's gravatar

Hi

Is there a way to validate the using the invisible google captcha V3 using the score? Any insights on this ?

    Author's gravatar

    Hi, the module only supports google recaptcha v2. I did not add v3 because the scoring mechanism should work by implementing custom logic to your applications with different scores leading to different behaviour. This would get to complicated for a generic module.

Author's gravatar

Hello, I have set up my domain keys in Google and then added them to the config. I am getting outlines, but errors. I will check to see if there is some sort of block on the google features, but would you know why these may appear or how to go the last step?
\App_Config\Include\Feature\FormsExtensions\Feature.FormsExtensions.Settings.config

In IE I see an outline of the widget with the message: Invalid domain for site key.

In Chrome I see the following: This content is blocked. Contact the site owner to fix the issue.

Many thanks,
Jen
.

    Author's gravatar

    I was advised that our test environments would not honor the domain, hence the error. But when I add the updated config file to my cm/prod environment, the outline doesn’t even appear. The button does not drag and drop with the gray outline as it did in our QA area. Does it matter if prod is multi server and qa is single server? Are there basic installation steps that could have been missed? File Upload, raw html, password, all work fine… I’ll peruse the bug area that you refer to in other posts as well. But any ideas are welcome.

      Author's gravatar

      It turned out we had implemented an iframe policy and the google recaptcha sites were not allowed in. Now I have the widget appearing but as of yet am struggling with a difference in behavior in single server vs. mutli server environments. I can see the recaptcha in single server, but not in our prod. Inspections of code show all sorts of differences.

      One notable difference is in the “good” version, the code shows this:

      and the bad version has this code:

      I hope this will help me identify if there are different versions in play or something altogether different.

        Author's gravatar

        onload=loadCallback –good

        vs.

        onload=loadReCaptchas –bad

Author's gravatar

Hi Bart

We have the requirement where recaptcha will only be displayed if user is detected as robot, which means when user submit the form couple of times then recaptcha will be displayed on the form.
We are using Sitecore 9.1 and Form extension 2.2.1. Any suggestion for above feature will be really appreciated

Thanks in advance
Divya Ruhela

    Author's gravatar

    Hi, I haven’t tried this and I see several aproaches but they will all require some custom code. One possibility is to change the recaptcha component itself and build in some logic there to only show it when the user is detected as a robot. The other aproach is to write a condition and use Sitecore’s conditional form field rendering.

Author's gravatar

Hi Bart,
I keep getting this error:
Refused to load the script ‘https://www.google.com/recaptcha/api.js?onload=loadReCaptchas&render=explicit&hl=en’ because it violates the following Content Security Policy directive:
Can you please help what kind of CSP we need to have for this ?

Leave a Reply to Arvind Sabhnani