maxxer
commented
6 months ago Add a note to CHANGELOG and I'll merge. Thank you
Closed Eseperio closed 6 months ago
maxxer
commented
6 months ago Add a note to CHANGELOG and I'll merge. Thank you
In current implementation, ReCaptcha is configured to use the
google.comdomain. While this setup is functional, it introduces potential legal and compliance risks related to cookie management. Specifically, thegoogle.comdomain can set additional cookies that may not be directly related to our website's functionality. These extra cookies raise concerns regarding user privacy and the stringent requirements of various cookie laws, such as the EU's GDPR.Under these regulations, websites must obtain explicit consent from users before any non-essential cookies are stored or accessed on their device. The presence of third-party cookies from
google.com, without clear and informed consent, could place us at risk of non-compliance.To mitigate these risks, I propose we switch the ReCaptcha service to use the
recaptcha.netdomain instead. This alternative domain offers the same functionality but with fewer implications regarding cookie placement. Usingrecaptcha.netminimizes the likelihood of inadvertently violating cookie regulations, as it's less likely to introduce unrelated or non-essential cookies. This change will help ensure our compliance with cookie laws while maintaining the integrity and security provided by ReCaptcha.I've prepared the necessary code changes for this switch and tested them to confirm that ReCaptcha continues to work as expected without any loss in functionality. This update will make our site more privacy-friendly and legally compliant.
Looking forward to your feedback and approval.