Comments (3)
Hi @xr0master , thanks for responding.
Even for an invisible captcha, the token has to get generated by a client somewhere. Seeing as for the v2 captcha emailjs.send
already sends along the g-recaptcha-token
I don't see why this would be an issue. The recaptcha secret is already needed for v2 and can be stored in the GUI on your website. The only thing that has to get added is, like you said the feature flag so that people can choose to use the v3 one (leave the v2 as default for those that want to use captcha before email sending). Then the only thing that the emailjs server has to do upon receiving a bunch of data for an email service with a v3 captcha set, is do a request to the google api:
URL: https://www.google.com/recaptcha/api/siteverify METHOD: POST
Which takes the recaptcha secret key that is already there and the token that already gets sent.
Second, invisible captchas often give a low score, especially for users in incognito. We will simply be flooded with tickets: "nothing works".
I don't recognize this problem, the apps I've built with the v3 captcha generally give back 0.9 scores and me and my colleague have found it difficult to spoof. That being said, you can give the users the option to set their threshold in the GUI. That threshold can then get used to interpret the returned score.
Obviously I'm not familiar with all aspects of your services and there might be things that I am overlooking, but I don't have the feeling that a lot has to change in the installable package, as the settings for which captcha a user would want to use and the corresponding secret key are in the emailjs backend/db. Please correct me if I'm wrong though.
from emailjs-sdk.
Hey. We have thought about this several times, and the problem is not technical.
The fact is that v3 has only a hidden captcha, which is why we do not yet see how the SDK can independently take the key and forward it to the server. That is, it will most likely require manual SDK integration with captcha.
Correspondingly, 2 problems appear. First, the complexity of the integration increases, many of our clients will experience problems with this increased complexity. Second, invisible captchas often give a low score, especially for users in incognito. We will simply be flooded with tickets: "nothing works".
We try to create the service to be very simple and intuitive. Starting with simple and open documentation and ending with the dashboard. And invisible captchas don't fit into this concept yet. If you have any ideas, we would love to hear from them.
P.S. I think that this year we will add feature flags, which will allow us to add invisible captcha v3 as an activated feature, which will be at the discretion of customers.
from emailjs-sdk.
Hi there,
Sorry for jumping in here so late, but I would really like the option to have v3 as well. Or even if it is possible to have the v2 but then have the option to use the invisible one.
from emailjs-sdk.
Related Issues (20)
- Node.js: SyntaxError: Cannot use import statement outside a module HOT 1
- Cannot use import statement outside a module HOT 1
- Able to send form with required field HOT 1
- "XMLHttpRequest is not defined" HOT 1
- IE11 Support HOT 2
- ReferenceError: XMLHttpRequest is not defined HOT 1
- not supported in below node js 16 HOT 1
- rest api error: API calls are disabled for non-browser applications HOT 1
- Input radio is supported ? HOT 1
- bug: sending user_id instead of public_key HOT 1
- EmailJSResponseStatus: Uncaught TypeError: Cannot read properties of null (reading 'status') HOT 1
- Failed to minify the code from this file.
- Outlook
- getting an empty value on my Gmail HOT 2
- Failed to load resource: net::ERR_CONNECTION_RESET HOT 1
- React/TypeScript example HOT 1
- XMLHttpRequest is not defined (URGENT) HOT 1
- Email Js public key HOT 1
- No receiving all the values in my email template HOT 1
- Rate Limitting not working with React. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from emailjs-sdk.