Request to add recaptcha.net to CSP or switch to it

Currently the recaptcha services used on Glich is via https://www.google.com/recaptcha/api.js. However Google services are banned in China. Luckily we can access https://recaptcha.net/recaptcha/api.js. I think that is Google’s official website, though I don’t have absolute proof.

Hi @imba-tjd! Welcome to the Glitch community :glitch: :slight_smile:

It is a Google domain

But, if the domain is undocumented, I find it unlikely that any sites will change to it. Plus, it is very easy for that domain to be blocked in the future anyway.

1 Like

An alternative would be to move to a different service, such as HCaptcha

2 Likes

are there domains that are somehow hard to block?

I found this because I’m using Header Editor, a browser extension, to redirect https://www.google.com/recaptcha to https://recaptcha.net/recaptcha. However the CSP meta tag in HTML forbids requests to recaptcha.net.

It’s :ok: to remain current status. I can use the extension to modify HTTP response to remove CSP as well. Your concern is right, I should probably do this on client side.

As of domains that are hard to block, I don’t think there is a way. People depend on ISP, which can do lots of things, to use internet from home.

1 Like

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.