如何在同一页面上加载 reCAPTCHA 分数和复选框?
How do I load reCAPTCHA Score and Checkbox on the same page?
目前在登录页面上,我需要在同一页面上同时进行评分和复选框reCaptcha评估,如果评分失败我需要动态加载复选框评分。
目前我正在使用它,但我不知道我是否正确实施了它。
在我的 HTML header 我有
<script src="https://www.google.com/recaptcha/enterprise.js?render=${Login.reCaptchaScoreKey}"></script>
在 html body 我有
<script src="https://www.google.com/recaptcha/enterprise.js?render=explicit"></script>
在 AJAX 中加载我有的复选框:
var captchaContainer = grecaptcha.render('captcha_container', {
'sitekey' : siteKey,
'callback' : function() {
$("#LOGIN").prop('disabled', false);
}
});
并提交分数我有以下内容(我将 reCaptcha 生成的令牌附加到 HTML 元素,因为这是我能想出将其发送到我的后端的唯一方法):
grecaptcha.enterprise.ready(function() {
grecaptcha.enterprise.execute(scoreKey, {action: action}).then(function(token) {
$('#g-recaptcha-response').val(token);
submitForm();
});
});
奇怪的是,我需要包含两次 reCaptcha JS 文件才能正常工作,这有点代码味。如果我按预期删除第一个 JS 文件,我的分数 reCaptcha 就会中断,如果我删除第二个,我的复选框就会中断。
有没有办法只包含一次 reCaptcha JS 来完成我想做的事情?或者我这样做的方式还好吗?
我收到了 reCAPTCHA Enterprise 支持团队的官方回复:
Thanks for reaching out here. We recommend not putting a checkbox
behind a score. More details are available on this here:
https://cloud.google.com/recaptcha-enterprise/docs/faq#id_like_to_use_the_score_from_to_show_a_challenge_checkbox_widget_how_can_i_do_this
Not only are there concerns listed in that FAQ point about the
efficacy of a checkbox widget when placed behind a score, but it also
over simplifies how the checkbox widget works. We perform "adversarial
challenging" on our checkbox widget (essentially, we show harder
challenges to known attackers), but we're unable to do so when placed
behind a score reCAPTCHA.
All of this being said, if you do wish to do it anyway, you would
have to include the JS file twice.
这是来自 link 在他们的电子邮件中发布的:
I'd like to use the score from reCAPTCHA Enterprise to show a challenge / checkbox widget. How can I do this?
We recommend that you do not do this. reCAPTCHA Enterprise expects to
see both good and bad user behavior on implementation. If you trigger
a reCAPTCHA Enterprise checkbox widget based on a reCAPTCHA Enterprise
score, the checkbox widget is only being exposed to bad traffic. Due
to this, the widget can have a more difficult time determining whether
to show a challenge or not. This can result in issuing NO CAPTCHAs (no
challenge shown at all) to fraudulent users or bots due to trouble
making that differentiation.
In these cases, we recommend just using a challenge-based site key
upfront (like reCAPTCHA Enterprise with a CHECKBOX Site Key) instead,
but installing a SCORE Site Key on every page, as well as issuing
grecaptcha.enterprise.execute to train the model, but foregoing
assessments on the SCORE tokens. Essentially, this achieves the goal
by training the reCAPTCHA Enterprise CHECKBOX site keys on user
behavior, resulting in less challenges shown to legitimate users and
more challenges to fraudulent ones.
添加到您自己的答案中,检查 https://developers.google.com/recaptcha/docs/faq#can-i-run-recaptcha-v2-and-v3-on-the-same-page 以了解您是否仍想这样做的更多详细信息。
目前在登录页面上,我需要在同一页面上同时进行评分和复选框reCaptcha评估,如果评分失败我需要动态加载复选框评分。
目前我正在使用它,但我不知道我是否正确实施了它。
在我的 HTML header 我有
<script src="https://www.google.com/recaptcha/enterprise.js?render=${Login.reCaptchaScoreKey}"></script>
在 html body 我有
<script src="https://www.google.com/recaptcha/enterprise.js?render=explicit"></script>
在 AJAX 中加载我有的复选框:
var captchaContainer = grecaptcha.render('captcha_container', {
'sitekey' : siteKey,
'callback' : function() {
$("#LOGIN").prop('disabled', false);
}
});
并提交分数我有以下内容(我将 reCaptcha 生成的令牌附加到 HTML 元素,因为这是我能想出将其发送到我的后端的唯一方法):
grecaptcha.enterprise.ready(function() {
grecaptcha.enterprise.execute(scoreKey, {action: action}).then(function(token) {
$('#g-recaptcha-response').val(token);
submitForm();
});
});
奇怪的是,我需要包含两次 reCaptcha JS 文件才能正常工作,这有点代码味。如果我按预期删除第一个 JS 文件,我的分数 reCaptcha 就会中断,如果我删除第二个,我的复选框就会中断。
有没有办法只包含一次 reCaptcha JS 来完成我想做的事情?或者我这样做的方式还好吗?
我收到了 reCAPTCHA Enterprise 支持团队的官方回复:
Thanks for reaching out here. We recommend not putting a checkbox behind a score. More details are available on this here: https://cloud.google.com/recaptcha-enterprise/docs/faq#id_like_to_use_the_score_from_to_show_a_challenge_checkbox_widget_how_can_i_do_this
Not only are there concerns listed in that FAQ point about the efficacy of a checkbox widget when placed behind a score, but it also over simplifies how the checkbox widget works. We perform "adversarial challenging" on our checkbox widget (essentially, we show harder challenges to known attackers), but we're unable to do so when placed behind a score reCAPTCHA.
All of this being said, if you do wish to do it anyway, you would have to include the JS file twice.
这是来自 link 在他们的电子邮件中发布的:
I'd like to use the score from reCAPTCHA Enterprise to show a challenge / checkbox widget. How can I do this?
We recommend that you do not do this. reCAPTCHA Enterprise expects to see both good and bad user behavior on implementation. If you trigger a reCAPTCHA Enterprise checkbox widget based on a reCAPTCHA Enterprise score, the checkbox widget is only being exposed to bad traffic. Due to this, the widget can have a more difficult time determining whether to show a challenge or not. This can result in issuing NO CAPTCHAs (no challenge shown at all) to fraudulent users or bots due to trouble making that differentiation.
In these cases, we recommend just using a challenge-based site key upfront (like reCAPTCHA Enterprise with a CHECKBOX Site Key) instead, but installing a SCORE Site Key on every page, as well as issuing grecaptcha.enterprise.execute to train the model, but foregoing assessments on the SCORE tokens. Essentially, this achieves the goal by training the reCAPTCHA Enterprise CHECKBOX site keys on user behavior, resulting in less challenges shown to legitimate users and more challenges to fraudulent ones.
添加到您自己的答案中,检查 https://developers.google.com/recaptcha/docs/faq#can-i-run-recaptcha-v2-and-v3-on-the-same-page 以了解您是否仍想这样做的更多详细信息。