jQuery Recaptcha v2 缺失输入响应与 Cors-Anywhere

jQuery Recaptcha v2 missing-input-response with Cors-Anywhere

我在 Recaptcha 调用时遇到问题。

这是我的 jQuery 调用中的代码。

function getCaptchaData(website, cellNumber, firstName, lastName, emailAddress, password) {
  //return new Promise(function(resolve, reject) {
    $.ajax({
      url: website,
      type: 'POST',
      cache: false,
      contentType: 'application/x-www-form-urlencoded',
      success: function(data) {
        // alert(website);
        // alert(data);
        alert("getCaptchaData Success!!");
        json_string = JSON.stringify(data);
        alert(json_string);
        //resolve(json_string); // Resolve promise and go to then()
        callLoadPromoter(cellNumber, firstName, lastName, emailAddress, password);
        return true;
      },
      error: function(err) {
        alert("getCaptchaData Fail");
        //alert(website);
        //alert(err);
        //err_json = JSON.stringify(err);
        //console.log(err_json);
        //alert(err_json);
        return false;
        //reject(err); // Reject the promise and go to catch()
      }
    });
  //});
}

这是我的 Recaptcha v2 网址:

https://cors-anywhere.herokuapp.com/https://www.google.com/recaptcha/api/siteverify?secret=<SECRET KEY>&response=03AOLTBLTGkHw5sNY23SCuPR5iMstGVC2U91XfJFfKSff1Xezq6rcGfg6PLFG9-Eu3hgU8JkeOpjR2znioTXGc10Cb2HuPacAto2_xptTTIkIt_W6SCdJnJLWpkrhyzalQzsHp51_sYzNxuj0o3XNdoLsu0kNsgV546aQy5YSNGk4JLLwJKMkr3qIAIfgq4E022oOBvvR0ij25pe1-2Nar8KJP4cTgxcPEjrma7nEMU0dgO0oQPlthpwDa-titGVVXHCkd9mv2ZDvagg9tX5B-k1D-Dv1MbPZlLoDHBSDC-gqku-LygW01esWbc-vEpm958JqJv0atZ9v9PydMiXY0MT-k-O3wFtGZdp6itdbFBfvuYZpgBWmr33RhwyIUDLF1ivlzLts8Q6MveThrX20TLnNGUlEjTWZ1YqiNZWZGtlzQcHyKZ7mCX8JezW7MbiSMVAbbBnGvVEZByb9W9DwFanmjzf4MHq4nGm3BKobYSApfOd3G7iWWu4D5kku3L0SsNAvUWJiZuPk7rD5zGN9OjDV1rGKi9Sw9hcz5XBrFc_l9MglaQnKfllr2Quz9JyQuplxnSragvAXDkJ99xfUTPvbeE4KmLk62bQ

我想可能是 cors-everywhere.herokuapp 部分,所以我使用 cURL 来检查它。看起来不是这样。这是我使用的 cURL 代码:

curl -H "Origin: https://cors-everywhere.herokuapp.com" -H "Content-type: application/x-www-form-urlencoded; charset=utf-8" https://cors-anywhere.herokuapp.com/https://www.google.com/recaptcha/api/siteverify?secret=<SECRET KEY>&response=03AOLTBLTGkHw5sNY23SCuPR5iMstGVC2U91XfJFfKSff1Xezq6rcGfg6PLFG9-Eu3hgU8JkeOpjR2znioTXGc10Cb2HuPacAto2_xptTTIkIt_W6SCdJnJLWpkrhyzalQzsHp51_sYzNxuj0o3XNdoLsu0kNsgV546aQy5YSNGk4JLLwJKMkr3qIAIfgq4E022oOBvvR0ij25pe1-2Nar8KJP4cTgxcPEjrma7nEMU0dgO0oQPlthpwDa-titGVVXHCkd9mv2ZDvagg9tX5B-k1D-Dv1MbPZlLoDHBSDC-gqku-LygW01esWbc-vEpm958JqJv0atZ9v9PydMiXY0MT-k-O3wFtGZdp6itdbFBfvuYZpgBWmr33RhwyIUDLF1ivlzLts8Q6MveThrX20TLnNGUlEjTWZ1YqiNZWZGtlzQcHyKZ7mCX8JezW7MbiSMVAbbBnGvVEZByb9W9DwFanmjzf4MHq4nGm3BKobYSApfOd3G7iWWu4D5kku3L0SsNAvUWJiZuPk7rD5zGN9OjDV1rGKi9Sw9hcz5XBrFc_l9MglaQnKfllr2Quz9JyQuplxnSragvAXDkJ99xfUTPvbeE4KmLk62bQ

这是我收到的回复:

{
  "success": false,
  "error-codes": [
    "missing-input-response"
  ]
}
[1]+  Done                    curl -H "Origin: https://cors-everywhere.herokuapp.com" -H "Content-type: application/x-www-form-urlencoded; charset=utf-8" https://cors-anywhere.herokuapp.com/https://www.google.com/recaptcha/api/siteverify?secret=<SECRET KEY>

编辑

所以我 运行 cURL 在详细模式下它提供了一些有趣的东西。

curl -v -X POST -H "Origin: https://cors-everywhere.herokuapp.com" -H "Content-Type: application/x-www-form-urlencoded; charset=utf-8" https://cors-anywhere.herokuapp.com/https://www.google.com/recaptcha/api/siteverify?secret=<SECRET KEY>&response=03AOLTBLQo3Bv8bxx9Jgk4iq7qQa76PWgWGUV7KO5iBPimE-EoVP0MuwwyWiXZp69FWhhwSLVjPbQKq2LoEBWp2geR9WAQK93nAgkj9kB-2hXBLggPFPUoxQjcs9LRfbEfY-vuszIGa5QqZwh5HpKrw5ffcoa8wkINdF68iWjF0OAOFYqaXYv9GV2RIdhxUsCFMDhGEDR3GBxa2CgBttnwr9z0ajO8_AxdvB8On9iE6NM-AYt2i7rPV13wEZxWliq0sNRbs9H9oDRwJvZo_yAj0Vs0ugkRg7yNeIOOMF27NW8puaSXyXUndnsJa-Eb0QwzKWMlSD2__75Y0ZHFfk3GqQjd4F3QnDhpQS0c8LagOxw0fFx8j9vXma4iJfCF1IuAPZq8eb0Py3u92LBSpx8hQAhZewHeNCrzSywHB6lVteyLbAd_3r8KXYovcYGWHjgP--SJdER2GdFggrrwjwYGyzMJCkdr67MwfZQKqfKX6KmF76_sRdXy7G8kOVJayNoG1kl94EvQW0EehkzXPPKOWoyerjL3Zks9gXMxG-PsE3qgJVw8fqd_OrcbLs8KmvruNQdRa5X9929onyXGwIROHNBFcA-6fhsLxw&remoteip=127.0.0.1
[1] 1536
[2] 1537
Chaunceys-MacBook-Pro-2:lambdaZipFilesDev chauncey$ *   Trying 52.5.140.196...
* Connected to cors-anywhere.herokuapp.com (52.5.140.196) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.herokuapp.com
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> POST /https://www.google.com/recaptcha/api/siteverify?secret=<SECRET KEY> HTTP/1.1
> Host: cors-anywhere.herokuapp.com
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: https://cors-everywhere.herokuapp.com
> Content-Type: application/x-www-form-urlencoded; charset=utf-8
> 
< HTTP/1.1 200 OK
< Connection: keep-alive
< X-Request-Url: https://www.google.com/recaptcha/api/siteverify?secret=<SECRET KEY>
< Content-Type: application/json; charset=utf-8
< Date: Sat, 21 Dec 2019 12:24:13 GMT

出于某种原因,它在 & 符号处截断了 URL。任何关于它为什么这样做以及如何停止它的建议都会有所帮助。

编辑 2

我引用了 cURL 字符串,它在 cURL 级别工作。

curl -v -X POST -H "Origin: https://cors-everywhere.herokuapp.com" -H "Content-Type: application/x-www-form-urlencoded; charset=utf-8" "https://cors-anywhere.herokuapp.com/https://www.google.com/recaptcha/api/siteverify?secret=<SECRET KEY>&response=03AOLTBLTt_RmDtUF8ueT6kyzFOHprG-P_FnhmhbKVxLMO46Ympu1heb3yelaBRZw6cQl-Sob85SvLDxF_VQktQsp8XDN9xkHOUx2E_o4Fecrlu8DGuFSjiiJQnfu8DK3W646g89SzvW02ufETSUn3hKFs-KyUO5gTUxW6tGE1aHEd4wqVuKVaQl_svWLRta6qwEKqmTMFCxNIUzOc9zuxzwknjFoyW0iDvrgN_nPR4pDmjgLHI1gLoKzFN5RymHnCYqPv23Q22vjNzUch8CZLW5iBt1SzyHFeNp_zodSvT8ZDTZV5EJyy1FzjTEE8g3EibTBpiK8GUbBIvdUFSxv3Po9dhueWIACuKvDYO4eKI5q1pluG9h1L4fTtbuSIVbNuySwWwArTN6KENGE4wVekAGULvLq3lm_7Fz0T4PWmlB3ASGvriOC1I6PNpzH2FkEhMOiZZuX9MnikVZyNV7HsV0jum0KU6TheNeTbg8lHflgpYYXokYOis-BTBEN8busUubIoicJHA4sFXBJiRc_5H6NWjyFlrmJy1DyWnFNzC2LrMZ_VVEzZ8Sqo3eBKMjyAgNZMrEk5a4CtdERSDULKGj6iyTT0ZRqPMw"
*   Trying 52.20.199.44...
* Connected to cors-anywhere.herokuapp.com (52.20.199.44) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.herokuapp.com
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> POST /https://www.google.com/recaptcha/api/siteverify?secret=<SECRET KEY>&response=03AOLTBLTt_RmDtUF8ueT6kyzFOHprG-P_FnhmhbKVxLMO46Ympu1heb3yelaBRZw6cQl-Sob85SvLDxF_VQktQsp8XDN9xkHOUx2E_o4Fecrlu8DGuFSjiiJQnfu8DK3W646g89SzvW02ufETSUn3hKFs-KyUO5gTUxW6tGE1aHEd4wqVuKVaQl_svWLRta6qwEKqmTMFCxNIUzOc9zuxzwknjFoyW0iDvrgN_nPR4pDmjgLHI1gLoKzFN5RymHnCYqPv23Q22vjNzUch8CZLW5iBt1SzyHFeNp_zodSvT8ZDTZV5EJyy1FzjTEE8g3EibTBpiK8GUbBIvdUFSxv3Po9dhueWIACuKvDYO4eKI5q1pluG9h1L4fTtbuSIVbNuySwWwArTN6KENGE4wVekAGULvLq3lm_7Fz0T4PWmlB3ASGvriOC1I6PNpzH2FkEhMOiZZuX9MnikVZyNV7HsV0jum0KU6TheNeTbg8lHflgpYYXokYOis-BTBEN8busUubIoicJHA4sFXBJiRc_5H6NWjyFlrmJy1DyWnFNzC2LrMZ_VVEzZ8Sqo3eBKMjyAgNZMrEk5a4CtdERSDULKGj6iyTT0ZRqPMw HTTP/1.1

...

{
  "success": true,
  "challenge_ts": "2019-12-21T12:49:35Z",
  "hostname": "127.0.0.1"
}

但是现在如何在实际应用中复制这种成功jQuery?

真正的问题是 $.ajax(...) 没有提供足够的控制权来使用 cors-anywhere.herokuapp.com 站点。你必须控制 headers 所以你应该使用 XmlHttpRequest() object.

function getCaptchaData(website, cellNumber, firstName, lastName, emailAddress, password)
{

  var xhr = new XMLHttpRequest();
  var url = website;
  //console.log(data);
  //alert(data);        
  xhr.open("POST", url, true);
  xhr.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
  xhr.setRequestHeader("Accept","application/json");
  xhr.setRequestHeader("X-Requested-With","XMLHttpRequest");
  xhr.onreadystatechange = function () {
      if (this.readyState == 4 && this.status == 200) {

        alert("getCaptchaData Success!!");
        //resolve(json_string); // Resolve promise and go to then()
        callLoadPromoter(cellNumber, firstName, lastName, emailAddress, password);
        return true;

      }
      else if (this.readyState == 4 && this.status == 404)
      {
        alert("getCaptchaData Fail!  File not found.");
      }
      else
      {
        alert("getCaptchaData: Ready State: " + this.readyState + " Status: " + this.status);
      }
    }

  xhr.send();

}