google / recaptcha

PHP client library for reCAPTCHA, a free service to protect your website from spam and abuse.
http://www.google.com/recaptcha/
BSD 3-Clause "New" or "Revised" License
3.48k stars 773 forks source link

reCAPTCHA v3 is loading unnecessary fonts #377

Open galford-tillster opened 4 years ago

galford-tillster commented 4 years ago

Hi,

Per the reCAPTCHA V3 documentation we are allowed to hide the badge:

https://developers.google.com/recaptcha/docs/faq#id-like-to-hide-the-recaptcha-badge.-what-is-allowed

However, hiding the badge does not prevent the two fonts used on the badge from downloading. reCAPTCHA V3 downloads two fonts each about 10KB, so that's 20KB of unnecessary data being loaded each time.

We cannot block the request because the CSS is inside the iFrame.

Is it possible to provide a configuration option that will disable the font, or maybe disable the badge altogether?

23tux commented 1 year ago

New year, still no progress. Can maybe @rowan-m give some updates, if this issue will receive some attention in the future?

iarovuo commented 1 year ago

Typical Google, recaptcha is not having display=swap, and then Google PageSpeed Insights complain about their own other product. Same thing goes with having youtube video or gtag on the website!!!

It's year 2023 and they STILL haven't fixed this years old issue!!!

rimager commented 1 year ago

Just stopping by here to say that I, too, would like a way to prevent the unnecessary Roboto font loading situation in reCaptcha. In my case it makes SIX requests to load this woff, which also can't be cached.

image

sinanisler commented 1 year ago

It's year 2023 and they STILL haven't fixed this years old issue!!!

it is not a issue it is a loophole :)

maddsua commented 1 year ago

It's a total joke

image

No, rlly, why does it need to load fonts, you, the dumbasses at Google?? Just use Arial for God's sake! I'm not even talking about that bigass "PrOtEcTeD bY GoOgLe" badge that pops up without any questions. I know that my site uses it, and if I wanted to, I'd place it somewhere it would fit the design!

maddsua commented 1 year ago

it's ridiculous that we can't just add &nofonts=true to the URL and be done with it

EXACTLY!

I mean, Google has enough money by spying on us, so make the developer experience of the products a bit better at least.

How many ppl-hours is needed to fix that bs? It's not a big redesign or anything like that, just add the option...

iarovuo commented 1 year ago

@google-admin There is nobody assigned to this issue. The issue is well known, but Google does not give a shit. as usual.

alorbach commented 1 year ago

This issue is open since YEARS, so another YEAR without recaptcha in Germany 🤦‍♂️

cristiansoftlead commented 1 year ago

Does it still make sense to ask if there is any update? :)))

nessor commented 1 year ago

Does it still make sense to ask if there is any update? :)))

To be honest. Not really. We’re using turnstile now. Even a beta is better than this here.

BlooDStrikeR88 commented 1 year ago

i have the same problem as the one stated below... Cant seem to find out a solution. I use wprocket + perfmatters + i tried all different codes and scripts - nothing worked. I have unused script for recaptchav3 and the roboto fonts ... Please if someone finds a solution - please share it with everyone. thank you.

It's a total joke

image

No, rlly, why does it need to load fonts, you, the dumbasses at Google?? Just use Arial for God's sake! I'm not even talking about that bigass "PrOtEcTeD bY GoOgLe" badge that pops up without any questions. I know that my site uses it, and if I wanted to, I'd place it somewhere it would fit the design!

05August commented 1 year ago

29/9/2023 ✌️ Google does not give a shit

sinanisler commented 1 year ago

I am 100% sure google using google font cdn traffic data to collect statistics :)

how they use statistics? who knows...

tomihq commented 10 months ago

23/12/2023 and not solved :(

sinanisler commented 10 months ago

I stoped using reCAPTCHA loooong time ago using the honetpot method on forms wparmor plugin in WordPress works great most of the cases

khrizzcristian commented 10 months ago

I stoped using reCAPTCHA loooong time ago using the honetpot method on forms wparmor plugin in WordPress works great most of the cases

Yea...I've made a custom recaptcha also :)

matheusmoraesporto commented 9 months ago

I am also facing the same problem, now in 2024, almost 4 years ago this issue was openned. Do we have some news about this topic??

23tux commented 9 months ago

From time to time, this issue pops up and clients ask me about it. I then send them a link to this issue. Unfortunately, no other captcha solution works like reCaptcha (quality, costs, performance...), so we hadn't been able to switch, yet.

Eeesbk commented 6 months ago

haha lol google......, F***ing !!!!

mthorson commented 4 months ago

I just ran into this issue in regards to GDPR compliance in Germany and effectively got a statement that because fonts.gstatic.com does not log IP addresses(they are received but not logged), that this is a non-issue for compliance. This has been vetted by multiple legal teams of large German corporations as well as the GCP Legal team. There is an additional opt-in form to ensure you are compliant on GCP.

Here is the official legal verbiage from within the service specific terms:

Use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Use. For users in the European Union, you and your Application(s) must comply with the EU User Consent Policy. Google collects hardware and software information, such as device and application data, through reCAPTCHA only as necessary to provide, maintain, and improve the Service, and for general security purposes. Such information will not be used for any other purpose, such as personalized advertising by Google. (It's a bit hidden, under "Service Terms" --> "35. Firebase Authentication and Identity Platform")

There are additionally some confirmations of GDPR compliance for reCaptcha enterprise.

REF: https://cloud.google.com/recaptcha-enterprise/docs/faq?hl=en#is_gdpr_compliant https://cloud.google.com/blog/products/identity-security/recaptcha-enterprise-and-the-importance-of-gdpr-compliance https://cloud.google.com/privacy/gdpr

rnnyrk commented 3 months ago

Google imports fonts by using their service, same time Google punishes for loading to much fonts. No option to stop loading roboto. Life of a develop is a sad life every now and then 😢