php - Captcha removed/bypassed on inspect element

View Original

I am using google captcha on my login page. But one problem I found is that when I use inspect element the captcha element is visible on the source and I can delete that element therefore the captcha checkbox is removed and I can bypass the captcha on my login page. Is it okay for it to be removable or should I take action on to make it non-removable on inspect element and what can I do to make it non removable?

Answer

Solution:

In the backend code you should be checking if the captcha was (successfully) submitted.

First checking if it is empty, and after confirm with google it is the right code (thus successfully completed the captcha) So it is possible to be removeable, but it shouldn't process the request.

Answer

Solution:

Frontend runs on client(browser) side so we don't have much control over there, But we have control over backend, so what you can do is add a validation in backend code on parameter which sends google recaptcha token that it should not be an empty value.

like this,

If(empty($recaptch_token)){
  // return validation message to browser 
}

Source
© 2021
E-mail: contact@webdevask.com
Back to top