I have recently installed orchard 1.8 and am looking to do a simple contact form using reCaptcha for preventing spam and bots. The problem I am having is that the options for public and private key do not show where I would expect them to be.
Has anyone experienced this, or know where this option may be hidden?
reCaptcha settings are set globally through Settings > Spam (domain.tld/Admin/Settings/Spam)
I am using 1.8 Orchard and not able to save the private/public key. In addition, i have added recaptcha to a content type but it is not being displayed with error Input error: k: Format of site key was invalid
Related
I'm getting this chrome flag when trying to post and then get a simple form.
The problem is that the Developer Console shows nothing about this and I cannot find the source of the problem by myself.
Is there any option for looking this at more detail?
View the piece of code triggering the error for fixing it...
The simple way for bypass this error in developing is send header to browser
Put the header before send data to browser.
In php you can send this header for bypass this error ,send header reference:
header('X-XSS-Protection:0');
In the ASP.net you can send this header and send header reference:
HttpContext.Response.AddHeader("X-XSS-Protection","0");
or
HttpContext.Current.Response.AddHeader("X-XSS-Protection","0");
In the nodejs send header, send header reference :
res.writeHead(200, {'X-XSS-Protection':0 });
// or express js
res.set('X-XSS-Protection', 0);
Chrome v58 might or might not fix your issue... It really depends to what you're actually POSTing. For example, if you're trying to POST some raw HTML/XML data whithin an input/select/textarea element, your request might still be blocked from the auditor.
In the past few days I hit this issue in two different scenarios: a WYSIWYG client-side editor and an interactive upload form featuring some kind of content preview. I managed to fix them both by base64-encoding the raw HTML before POSTing it, then decoding it on the receiving PHP page. This will most likely fix the issue and, most importantly, increase the developer's awareness level regarding the data coming from POST requests, hopefully pushing him into adopting effective data encoding/decoding strategies and strengthen their web application from XSS-type attacks.
To base64-encode your content on the client side you can either use the native btoa() function, which is supported by most browsers nowadays, or a third-party alternative such as a jQuery plugin (I ended up using this, which worked ok).
To base64-decode the POST data you can then use PHP's base64_decode(str) function, ASP.NET's Convert.FromBase64String(str) or anything else (depending on your server-side scenario).
For further info, check out this blog post that I wrote on the topic.
In this case, being a first-time contributor at the Creative forums, (some kind of vBulletin construct) and reduced to posting a PM to the moderators before forum access it is easy for one to encapsulate the nature of the issue from the more popular answers above.
The command was
http://forums.creative.com/private.php?do=insertpm&pmid=
And as described above the actual data was "raw HTML/XML data within an input/select/textarea element".
The general requirement for handling such a bug (or feature) at the user end is some kind of quick fixit tweak or twiddle. This post discusses the option of clearing cache, resetting Chrome settings, creating a new_user or retrying the operation with a new beta release.
It was also suggested that one launches a new instance with the following:
google-chrome-stable --disable-xss-auditor
The launch actually worked in this W10 1703 Chrome 061 edition after this modified version:
chrome --disable-xss-auditor
However, on logging back in to the site and attempting the post again, the same error was generated. Perhaps the syntax wants refining or something else is awry.
It then seemed reasonable to launched Edge and repost from there, which turned out to be no problem at all.
This may help in some circumstances. Modify Apache httpd.conf file and add
ResponseHeader set X-XSS-Protection 0
It may have been fixed in Version 58.0.3029.110 (64-bit).
I've noticed that if there is an apostrophe ' in the text Chrome will block it.
When I update href from javascript:void(0) to # in the page of POST request, it works.
For example:
login
Change to:
login
I solved the problem!
In my case when I make the submmit, I send the HTML to the action and in the model I had a property that accept the HTML with "AllowHTML".
The solution consist in remove this "AllowHTML" property and everything go OK!
Obviously I no longer send the HTML to the action because in my case I do not need it
It is a Chrome bug. The only remedy is to use FireFox until they fix this Chrome bug. XSS auditor trashing a page, that has worked fine for 20 years, seems to be a symptom, not a cause.
I'm trying to configure CKEditor to use my iframely account instead of the default account.
I have a developer's api key for iframely, and have put the following into config.js:
config.embed_provider = 'https://iframe.ly/api/oembed?url={url}&callback={callback}&api_key=MyAPIKey';
However, CKEditor still uses the default iframely account.
Can anyone help? I assume I'm missing something simple.
I have implemented my reCAPTCHA in line with as is shown in the example.
I have this script in the head tag:
<script src="https://www.google.com/recaptcha/api.js"></script>
In my form in HTML I have:
<div class="g-recaptcha" data-sitekey="my public sitekey here"></div>
But when I load the form I get this error:
ERROR: Invalid domain for site key
I have confirmed that this is the correct site key for my domain.
The code is currently in a subdomain so I thought maybe that was the problem so I also added the subdomain to the Google reCAPTCHA admin but still get the error.
The exact same code works 100% in a different domain (with a key specific to that domain).
What could be the problem?
In case someone has a similar issue. My resolution was to delete the key that was not working and got a new key for my domain. And this now works with all my sub-domains as well without having to explicitly specify them in the recaptcha admin area.
First of all, the keys are managed at https://www.google.com/recaptcha/admin#list
I ran into this error because I'm using the same key on a few different domains and I had forgotten to add one of the domains to the key.
After adding my site it took a minute or two (most likely because of cache) for things to work normally again.
I had the same problems I solved it.
I went to https://www.google.com/recaptcha/admin and clicked on the domain and then went to key settings at the bottom.
There I disabled the the option below
Domain Name Validation
Verify the origin of reCAPTCHA solution
clicked on save and captcha started working.
I think this has to do with way the server is setup. I am on a shared hosting and just was transferred without notice from Liquidweb to Deluxehosting(as the former sold their share hosting to the latter) and have been having such problems with many issues.
I think in this case google is checking the server but it is identifying as shared server name and not my domain.
When i uncheck the "verify origin" it starts working.
Hope this helps solve the problem for the time being.
No need to create a new key just clear site data on browser
If you change your site domain then add that domain to existing key (it's not necessary to a create new one) and save it.
https://www.google.com/recaptcha/admin#list
but google recapture has some data on browser. Clear them then it will work with your new domain
I guess the quickest way is just to disable the domain check while you're developing it
I was using localhost during unit testing when my recaptcha key was registered to 127.0.0.1. So I changed my browser to point to 127.0.0.1 and it started working. Although I was able to add "localhost" to the list of domains in my ReCaptcha Key Settings, I am still unable to unit test using localhost. I have to use the loopback IP address 127.0.0.1.
You may have inadvertently used a private key for a public key.
There is another point must be noted before regenerating keys that resolve 90% issue.
for example your xampp directory is C:\xampp
and htdocs folder is C:\xampp\htdocs
we want to open page called: example-cap.html
and page is showing error:
invalid domain for site key
Use your localhost address in browser address like:
localhost/example-cap.html
this will resolve your issue
Do not use address c:\xampp\htdocs\example-cap.html
this will generate error
Make sure you fill in your domain name and it must not end with a path.
example
http://yourdomain.com (good)
http://yourdomain.com/folder (error)
I ran into this issue also and my solution was to verify I was integrating the appropriate client code for the version I had selected.
In my case, I had selected reCAPTCHA v3 but was taking client integration code for v2.
V3 looks like this:
<script src="https://www.google.com/recaptcha/api.js?render=reCAPTCHA_site_key"></script>
<script>
grecaptcha.ready(function() {
grecaptcha.execute('reCAPTCHA_site_key', {action: 'homepage'}).then(function(token) {
...
});
});
</script>
V2 code looks like this:
<html>
<head>
<title>reCAPTCHA demo: Simple page</title>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body>
<form action="?" method="POST">
<div class="g-recaptcha" data-sitekey="your_site_key"></div>
<br/>
<input type="submit" value="Submit">
</form>
</body>
</html>
As for which version you have, this will be what you decided at the start of your reCAPTCHA account setup.
Try to add domains without http:// and https:// e.g. example.com
For me, I had simply forgotten to enter the actual domain name in the "Key Settings" area where it says Domains (one per line).
I had the same problems. I solved it: I went to https://www.google.com/recaptcha/admin, clicked on the domain and then went to key settings at the bottom.
There I disabled the option below Domain Name Validation Verify the origin of reCAPTCHA solution.
Clicked on save and captcha started working.
You should set your domain for example: www.abi.wapka.mobi, that is if you are using a wapka site.
Note that if you had a domain with wapka it won't work, so compare wapka with your site provider and text it.
I tried for almost 4 Hours with this and finally figuring it out with guidance from here, I thought I would share my solution with you.
Ok so my domain is an addon domain. I also got "ERROR for site owner: Invalid domain for site key" I had checked that everything was correct almost a thousand times and it looked right to me, until I thought of it in terms of a desktop shortcut.
Solution:
So for an addon domain make sure that the parent url is also in the list of domains i.e:
[ADDON DOMAIN].[PARENT DOMAIN].com .
The addon location will be the folder that you set on your host so when using addon domains ensure to name the root with something logical.
Hope this helps someone else and thanks for the suggestions people.
My domain was quite complex. I took the value returned by window.location.host in the developer console and pasted that value in the recaptcha admin white list. Then I cleared the cache and reloaded the page.
I had a similar problem due to the fact that I forgot to show the render parameter
<script src='https://www.google.com/recaptcha/api.js?render=SITE_KEY' async defer></script>
Im trying to make connections 4.5 working with content manager. I guess im quite far away from start finally but there are many things i need to fix.
Sometimes my widgets just doesnt load. It says cannot load widgets-config.xml
when i restart deployment and appsrv everything looks good.
My biggest problem is to add library to community. Because i want to see how workflow works and the id like to create linked library of this. This is what i get when i try to add library widget to the community (linked library widget works well)
CLFWZ0004E: Event 'widget.added' sent to remote lifecycle handler at https://conserv.egroup.local/dm/atom/communities/feed returned bad response: 403 - Forbidden
I guess there is som problem with https access. Can anybody of you guys ever faced this problem? Some hints?
UPDATE-1
After accessing that page from it gives me this :
<td:error>
<td:errorCode>UnsupportedOperation</td:errorCode>
<td:errorMessage>CQL5602: The attempted operation, GET, is not allowed on the resource /communities/feed.
Contact your administrator and provide the incident ID: 1381320497551.
The administrator should forward this information to the application owner.
</td:errorMessage>
</td:error>
So i guess maybe there can be som problem with proxy policies. I tried to make some changes with changes default policy url to *. But still no progress..
Hints?
I'm very new to ColdFusion (this is my second day dealing with it) and I am implementing a simple HTML page. I have a feedback form on this page and when the user hits submit, I want to email the contents of the form to myself. I have to do it using cfmail.
To try it out before I implemented it, I created the following cfmail.cfm file:
<cfmail from="#form.from#" to="myemailaddress" type="html">
Some text
</cfmail>
and passed the name of the file to the action attribute of my form. Every time I click submit on my form, it just opens the above file.
All the examples I find online pretty much show the same thing, but obviously I'm way off here.
Am I using cfmail in the wrong manner?
Thanks in advance for your help!
Just like Evik said in the comments, add a subject because it is a required field for the cfmail tag.
<cfmail to="#form.mailto#" from="#form.mailFrom#" subject="#form.subject#">
#form.body#
</cfmail>
Also check the mail settings in the ColdFusion administrator under Setting > Mail. There is also a mail log in the administrator you can check.
I recommend using Adobe online docs for ColdFusion. I referrer to it almost daily, they are great.
Here is a link to the cfmail for CF8 but at the bottom it links to other version.
http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_m-o_01.html
If it's just opening the file and not throwing a ColdFusion error (which it should do without the subject) then you most likely have a problem in your ColdFusion installation or more likely in the setup of your development web server is not handling the cfm scripts (IIS or Apache depending on the platform).