Skip to content

fix: reCaptcha cannot be loaded in China #7352

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix: reCaptcha cannot be loaded in China #7352

wants to merge 2 commits into from

Conversation

KarlLee830
Copy link

@KarlLee830 KarlLee830 commented Apr 25, 2025
edited
Loading

Summary

Since China's firewall blocks google.com, use recaptcha.net to avoid Chinese visitors not being able to load recaptcha

fix: #7351

Source: https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally

Testing

Checklist

  • .changeset
  • unit tests
  • integration tests
  • necessary TSDoc comments

@KarlLee830
fix: reCaptcha cannot be loaded in China
a82bdfa 
Since China's firewall blocks google.com, use recaptcha.net to avoid Chinese visitors not being able to load recaptcha
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 25, 2025
edited
Loading

COMPARE TO master

Total Size Diff 📈 +12 Bytes

Diff by File
Name Diff
packages/core/src/middleware/koa-security-headers.ts 📈 +6 Bytes
packages/experience/src/Providers/CaptchaContextProvider/utiles.ts 📈 +3 Bytes
packages/experience/src/Providers/CaptchaContextProvider/utils.ts 📈 +3 Bytes

@wangsijie
Copy link
Contributor

Maybe we can add a new configuration field, such as “reCAPTCHA endpoint” or “reCAPTCHA domain,” instead of replacing it globally.

@charIeszhao
Copy link
Member

Thank you for the PR. I think it is good! However, we might need to use www.recaptcha.net instead of just the root domain of recaptcha.net, to be more rigorous.

@KarlLee830
Copy link
Author

Thank you for the PR. I think it is good! However, we might need to use www.recaptcha.net instead of just the root domain of recaptcha.net, to be more rigorous.

Yes, you're right—I've updated the PR to use www.recaptcha.net instead.

@KarlLee830
Copy link
Author

Maybe we can add a new configuration field, such as “reCAPTCHA endpoint” or “reCAPTCHA domain,” instead of replacing it globally.

In that case, I recommend defaulting to www.recaptcha.net since many websites using Logto may not be aware that www.google.com is inaccessible in certain countries and regions—this could result in most Logto reCAPTCHAs failing to load for users in China.

Additionally, Google provides another endpoint: recaptcha.google.cn, which could also be added to the list as an alternative option.

@gao-sun
Copy link
Member

gao-sun commented Apr 27, 2025

@KarlLee830 we are working on this internally and will get back to you soon

@wangsijie
Copy link
Contributor

@KarlLee830 Hi, after discussion, we’ve decided to add a new optional field called “reCAPTCHA domain”, allowing users to specify their own domain if needed. By default, this will be set to www.google.com, which aligns with Google’s official documentation. Would you be able to update this change?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simeng-li simeng-li Awaiting requested review from simeng-li simeng-li is a code owner

@wangsijie wangsijie Awaiting requested review from wangsijie wangsijie is a code owner

@gao-sun gao-sun Awaiting requested review from gao-sun gao-sun is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@wangsijie wangsijie

@KarlLee830 KarlLee830

Labels
bugfix size/xs
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feature request: google.com/recaptcha can't open in China
4 participants
@KarlLee830 @wangsijie @charIeszhao @gao-sun