michaelvs97 / AspNetCore.ReCaptcha

Google ReCAPTCHA v2/v3 Library for .NET Core 3.x/5.x
https://www.nuget.org/packages/AspNetCore.ReCaptcha/
MIT License
73 stars, 20 forks

Cannot validate V3 token via AJAX #66

Open DanHalford opened 6 months ago

DanHalford commented 6 months ago

This is possibly (almost certainly) a result of my stupidity, but I'm unable to validate a V3 token when submitted via AJAX. Excuse terminology - I'm not a programmer...

On my Razor form, I have this:

var token = document.querySelector('input[name="__RequestVerificationToken"]').value;

fetch('/auth/register', {
    method: 'POST',
    headers: {
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        email: emailField.value,
        password: passwordField.value,
        token: token
    })
})

This is capturing the token and sending it back, as follows: [image]

However, any call to GetVerifyResponseAsync results in an invalid-input-response error code: [image]

The key and secret are correct - they're working on another page that uses a traditional form post submission.

Any ideas, or am I just terminally dumb?

sleeuwen commented 1 month ago

You're passing the ASP.NET Core Antiforgery token to the recaptcha service ("__RequestVerificationToken" is the antiforgery token, not the recaptcha token). You will need to get the value of input[name="g-recaptcha-response"] and send that as the token value instead.
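
The fix described in the comment above, as an added example that is not part of the thread or the library: the reCAPTCHA token is read from `g-recaptcha-response` and sent as `token`, while the antiforgery token travels separately in a header. `buildRegisterRequest` and `fieldValue` are hypothetical names, and the `RequestVerificationToken` header (ASP.NET Core's default antiforgery header name) is an assumption about how the endpoint is configured.

```javascript
// Added example: build the AJAX request so the reCAPTCHA token, not the
// antiforgery token, is what the server passes to GetVerifyResponseAsync.
const RECAPTCHA_FIELD = 'input[name="g-recaptcha-response"]';
const ANTIFORGERY_FIELD = 'input[name="__RequestVerificationToken"]';

// Read a hidden input's value; returns '' when the field is absent or empty.
function fieldValue(root, selector) {
    const el = root.querySelector(selector);
    return el && typeof el.value === 'string' ? el.value.trim() : '';
}

// root: `document` or the form element. Returns the arguments for fetch().
function buildRegisterRequest(root, email, password) {
    const recaptchaToken = fieldValue(root, RECAPTCHA_FIELD);
    const antiforgeryToken = fieldValue(root, ANTIFORGERY_FIELD);

    // Fail on the client instead of sending a request that can only come
    // back from siteverify with invalid-input-response.
    if (!recaptchaToken) {
        throw new Error('g-recaptcha-response is missing or empty');
    }

    const headers = { 'Content-Type': 'application/json' };
    if (antiforgeryToken) {
        // Assumption: the endpoint validates antiforgery via the default header.
        headers['RequestVerificationToken'] = antiforgeryToken;
    }

    return {
        url: '/auth/register',
        init: {
            method: 'POST',
            headers,
            body: JSON.stringify({ email, password, token: recaptchaToken })
        }
    };
}

// Browser call site (hypothetical):
//   const { url, init } = buildRegisterRequest(document, emailField.value, passwordField.value);
//   const response = await fetch(url, init);
```

Keeping the two values in different parts of the request makes it hard to swap them again: the body's `token` is only ever the reCAPTCHA response, and the antiforgery value never reaches the reCAPTCHA verification call.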