Comments (18)
Man you're like 80% of the way there... implement the feature!
from website.
https://www.google.com/recaptcha/intro/v3.html
When you get to the point of needing a Site Key and Secret Key, let me know. I can get that for you from our HFLA domain.
from website.
Instructions too 😄 All you'll need is the 2 keys, which I can provide at the time of request!
from website.
Wrote to Josh to ask him about keys
from website.
reCAPTCHA v3 returns a score for each request without user friction. The score is based on interactions with your site and enables you to take appropriate action.
If we can get reCAPTCHA v3 site keys for the domain we can have an invisible CAPTCHA check setup with a few lines of code inserted to the _includes/head.html. This will require no user interaction.
We can add an additional secondary check on the submit button if we think it is required with Google's reCAPTCHA v2, that is 2 lines of HTML to render.
https://developers.google.com/recaptcha/docs/versions
https://developers.google.com/recaptcha/docs/v3
https://developers.google.com/recaptcha/docs/display
from website.
reCAPTCHA v3 returns a score for each request without user friction. The score is based on interactions with your site and enables you to take appropriate action.
If we can get reCAPTCHA v3 site keys for the domain we can have an invisible CAPTCHA check setup with a few lines of code inserted to the _includes/head.html. This will require no user interaction.
We can add an additional secondary check on the submit button if we think it is required with Google's reCAPTCHA v2, that is 2 lines of HTML to render.
https://developers.google.com/recaptcha/docs/versions
https://developers.google.com/recaptcha/docs/v3
https://developers.google.com/recaptcha/docs/display
If you wanted to take this on, I've got the keys needed to get it implemented.
from website.
@joshuazrobins I would like to take this on. Just to confirm these keys you generated are the ones you refer to in Nov 2018 post. Are they the same since we moved the site to gh-pages and had a redesign? Would you need to regenerate? If they are good still I am ready to take this on.
from website.
@joshuazrobins I would like to take this on. Just to confirm these keys you generated are the ones you refer to in Nov 2018 post. Are they the same since we moved the site to gh-pages and had a redesign? Would you need to regenerate? If they are good still I am ready to take this on.
Yep I'll send you those keys via Slack. We created a site in the Google reCAPTCHA Admin Console, so we could track it and everything... so it shouldn't need updating.
from website.
To implement reCAPTCHA on our static GitHub pages configuration we need a cloud service to handle the server side scripting. IBM Cloud Services or Amazon Web Services are examples that work with reCAPTCHAv3. Do we have an H4LA account with either of those services?
from website.
@brandonjturner - Is there a captcha that doesn't require us to have cloud service to handle the server side scripting?
from website.
@ExperimentsInHonesty I can't find a foolproof client-side only solution.
from website.
@brandonjturner -I had a conversation with @thekaveman last Monday and he said he would setup the cloud service we need. We will move this ticket back when Kegan has set that up.
from website.
I'm kind of annoyed that we need to setup a back-end service just to do this, and especially if it's just for Google's AI to suck up more user data and make decisions for us anyway.
What if we started simple with a hidden input that normal users won't fill out, and we block submissions that have a value in that field (i.e. the "honeypot" approach)? This may inadvertently block some users that have form auto-fill turned on, and it isn't as locked-down as more advanced techniques... but it is better than nothing and doesn't require a ton of setup.
from website.
@thekaveman I am concerned that this might make the less navigatable for people that use screen readers. Thoughts?
from website.
@ExperimentsInHonesty that is a valid concern - a honeypot input would appear as a standard form input to a screen reader, and if filled in, could prevent that user from submitting the form. The site itself shouldn't be any less navigable beyond that, though.
As usual there's a trade-off: do we get so much spam that we absolutely need something in place ASAP, even if just temporary? Or is spam not so much of a concern where we don't want to put something in place that would inadvertently block a valid user from submitting?
from website.
Now that github actions has been publicly announced we can use the secret keeping function to hide the keys using environment variables. My understanding is that we won't need a cloud service to do this. What do you you think @brandonjturner.
from website.
@wes are we getting junk emails to Action Network via this form. If no, I will close this issue, if yes, reinvestigate it. LMK
from website.
@ExperimentsInHonesty We don't have any way of sorting "good" email subscribers from bad. But the original CAPTCHA issue was for Contact Us, which had a text-entry field and therefore was more spammable... But given that no one can remember ever getting an email from Contact Us, and we think it never worked right, I don't know why this captcha issue was created in the first place.
So with that context -- i would say close the issue, we don't have a problem that captcha can solve.
from website.
Related Issues (20)
- Add github-handle for Nandana Rao in civic-tech-index.md
- Add github-handle for Emerson Castaneda in civic-tech-index.md
- Add github-handle for Bruce Lai in civic-tech-index.md HOT 2
- Add github-handle for Bhaggyalakshmi Balasubramaniyan in civic-tech-index.md HOT 2
- Add github-handle for Ron Fu in civic-tech-index.md HOT 2
- Add github-handle for Isaiah Ozadhe in civic-tech-index.md
- Add github-handle for Maxwell Countryman Skewes in civic-tech-index.md HOT 5
- Add github-handle for Dennis Chatkhan in civic-tech-index.md HOT 4
- Add github-handle for Iffath Sultana in civic-tech-index.md
- ER: Communities of Practice information updates: Engineering HOT 4
- Update Communities of Practice: Engineering (Remove Chelsey Beck, Add Adam Abundis) HOT 5
- Update CONTRIBUTING.md Section 2.7.f HOT 1
- Update CONTRIBUTING.md Section 2.7.f HOT 6
- ER: Update the Communities of Practice information updates Issue Template
- Update Communities of Practice: Engineering (Add Heejung Hong) HOT 2
- Add new variable github-handle to member Ray Fambro in civic-opportunity-project.md HOT 1
- Add new variable github-handle to member Tan Zhou in civic-opportunity-project.md HOT 2
- Minor edits to GHA `schedule-monthly.yml`
- website-wiki repo readme setup readme development and testing HOT 4
- Add Tools to the Languages/Technologies filter group on the projects page HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from website.