[ZendTo] Invalid JSON Captcha

Orion Poplawski orion at nwra.com
Mon Feb 26 18:00:28 GMT 2024 

On 9/20/23 03:26, Frederic BOER via ZendTo wrote:
> Hello
> I have a problem with my Zendto which is in version 6.13-3, I have just placed
> it behind a NGINX proxy and I have a problem with the captcha.
> I have sent a document to an external user. he has received the mail, connects
> to retrieve the documents. there is a captcha that is validated but Zendto
> returns an Invalid-json error. 
> what can I do? 
> Thanks in advance

So, I just ran into this moving to a different RHEL host.  Our issue was two-fold:

* Needed to enable the httpd_can_network_connect SELinux boolean
* Needed to open up the firewall to allow https connections out from the server

This is needed for the recaptcha php code to connect to google's servers.

I would like to redirect PHP to use our proxy server, but this seems to be not
very straightforward to do in general and may need modification to the zendto
code.  Suggestions welcome.

As for the invalid-json message, it comes from:

/opt/zendto/www/ReCaptcha/Response.php:

    public static function fromJson($json)
    {
        $responseData = json_decode($json, true);

        if (!$responseData) {
            return new Response(false, array('invalid-json'));
        }


I added a quick hack to display $json and it was empty - but it might be
helpful to display the contents in general in this situation.

I looked at the network traffic returned by google in the browswer and it
looked like:

)]}'
["uvresp","03AHJ...jUo",1,120]

Which freaked me out for a bit due to the leading characters - but apparently
this is a marker and google's JS code strips it.  See:

https://stackoverflow.com/questions/36693906/recaptcha-invalid-json-response

Hopefully this helps some one in the future.

-- 
Orion Poplawski
he/him/his  - surely the least important thing about me
Manager of IT Systems                      720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                 https://www.nwra.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3826 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://jul.es/pipermail/zendto/attachments/20240226/c801b561/attachment-0001.p7s>

More information about the ZendTo mailing list