-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 6.2.5 CE GA6, 6.2.10 EE GA1
-
Fix Version/s: 6.2.X EE
-
Component/s: Application Security > Captcha
-
Labels:
-
Branch Version/s:6.2.x
-
Backported to Branch:Committed
-
Story Points:1.25
-
Fix Priority:3
-
Git Pull Request:
There are 3 properties we can use to set the "recaptcha" url:
captcha.engine.recaptcha.url.script captcha.engine.recaptcha.url.noscript captcha.engine.recaptcha.url.verify
We can set this properties with urls starting by https, but if request is not secure, it will be changed to http.
Depending on each different liferay installation, it is possible that the application server is getting non secure requests (http), but the navigation is really using https for example because the web server configuration.
expected behavior: the protocol should not being modified
current behavior: the protocol could be modified
This issue is not affecting master because this component was updated in
LPS-55941 in order to support a new version of the recaptcha api and that change also solved this behavior.
Steps to configure reCAPTCHA
- Go to https://www.google.com/recaptcha and register a reCAPTCHA for localhost for your account
- Get the "site" and "secret" keys
- Set
portal-ext.properties
captcha.engine.recaptcha.key.private=YOUR_SECRET_KEY captcha.engine.recaptcha.key.public=YOUR_SITE_KEY captcha.engine.impl=com.liferay.portal.captcha.recaptcha.ReCaptchaImpl
- Start portal
- Go to the Login portlet and click on "Create Account"
Verify that after the fix reCAPTCHA is loaded and can be used successfully.
- relates
-
LPE-15243 The protocol of the recaptcha properties is being changed by code
-
- Closed
-