Score is something that recaptcha script calculates.
I guess min_score is something that we should setup manually, score is verified on the backend of the website using recaptcha, so it can be anything the owner wants, the less the score = the more likely it is a bot.
From what i understand, action can be anything, but how i understand how Recaptcha v3 works (ive used it in my app once).
1. Load the Google JS script on your website. 2. Setup in your html code when the script should generate a token (grecaptcha.execute) ( usually on the form submission), then add that token in your form. 3. On the backend send the token to Google API and get back a response with score and other params. 4. Verify on your backend if you want to allow the submission or not.
Actions; i guess they can be empty aswell, they are just a context that you can work with.
Also, when sending a Recaptcha with a BAD SITE KEY we are charged in some captcha services (antigate, decaptcha). Maybe SER could check if the KEY is valid before sending?
the key is extracted from website best as it can be...the key is also checked for having a certain fixed length and format...I cant do much more than that I guess.
1. Send a BADSITEKEY (either is wrong / expired or it is recaptcha v3) -> we are charged 2. If we have retries, SER will retry -> we are charged. 3. Time is wasted, more flagging potential, form re-submission.
If you think it is a good idea to verify the sitekey in SER, i will look into the best method to verify that, if not, please tell me why, and i will try to convice you.
Comments
https://developers.google.com/recaptcha/docs/v3
First what comes to my mind is:
https://developers.google.com/recaptcha/docs/v3#score
Score is something that recaptcha script calculates.
I guess min_score is something that we should setup manually, score is verified on the backend of the website using recaptcha, so it can be anything the owner wants, the less the score = the more likely it is a bot.
From what i understand, action can be anything, but how i understand how Recaptcha v3 works (ive used it in my app once).
1. Load the Google JS script on your website.
2. Setup in your html code when the script should generate a token (grecaptcha.execute) ( usually on the form submission), then add that token in your form.
3. On the backend send the token to Google API and get back a response with score and other params.
4. Verify on your backend if you want to allow the submission or not.
Actions; i guess they can be empty aswell, they are just a context that you can work with.
https://developers.google.com/recaptcha/docs/v3#actions
grecaptcha.execute('reCAPTCHA_site_key', {action: 'homepage'})It is all i remember from coding Recaptcha v3 into my own form.
Please correct me if i am wrong.
1. Send a BADSITEKEY (either is wrong / expired or it is recaptcha v3) -> we are charged
2. If we have retries, SER will retry -> we are charged.
3. Time is wasted, more flagging potential, form re-submission.
If you think it is a good idea to verify the sitekey in SER, i will look into the best method to verify that, if not, please tell me why, and i will try to convice you.