Japanese translator turned software engineer. I work mostly with Ruby and Rails, but love working on both the backend and the frontend. Currently a computer science student @ University of Colorado.
Location
Connecticut
Education
University of Colorado, Ohio State University, IUC (for Japanese)
Hmm, it does look like the Google documentation says to make a POST request...
Honestly, when I wrote this (and still now), I had a really hard time understanding how the ReCaptcha worked, so I had to reference some other articles. Those articles all used Net::HTTP.get_response(uri) to get back the verification response.
You could try to make it a POST request instead and see how it works. I haven't tried it myself yet!
I'm implementing a reCAPTCHA currently. I believe it is supposed to be a POST request.
In fact, it's a little insecure to pass the secret key (and the token to a lesser extent) via a GET request. The query parameters at the end of the URL are encrypted in transit (so long as HTTPS is used,) but they can still show up in server logs, etc.
Doesn't apply here, but those query parameters also show up in browser history! GET should never be used to transmit sensitive information over the web.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hmm, it does look like the Google documentation says to make a POST request...
Honestly, when I wrote this (and still now), I had a really hard time understanding how the ReCaptcha worked, so I had to reference some other articles. Those articles all used
Net::HTTP.get_response(uri)
to get back the verification response.You could try to make it a POST request instead and see how it works. I haven't tried it myself yet!
I'm implementing a reCAPTCHA currently. I believe it is supposed to be a POST request.
In fact, it's a little insecure to pass the secret key (and the token to a lesser extent) via a GET request. The query parameters at the end of the URL are encrypted in transit (so long as HTTPS is used,) but they can still show up in server logs, etc.
Doesn't apply here, but those query parameters also show up in browser history! GET should never be used to transmit sensitive information over the web.