6

I added Google ReCAPTCHA with the Contact Form 7 plugin to all my contact forms. Unfortunately the badge loads the Roboto font (s/roboto/v18; files: KFOlCnqEu92Fr1MmEU9fBBc4.woff2 and KFOmCnqEu92Fr1Mu4mxK.woff2). I hid the badge with "visibility:hidden;", because "display:none;" would break the functionality.

The URLs of the fonts are:

[Image: Roboto font loading]

Is it possible to block those two fonts from loading? I tried this code without success:

function remove_google_fonts_stylesheet() {
    wp_dequeue_style( 'google-fonts-roboto' );
}
add_action( 'wp_enqueue_scripts', 'remove_google_fonts_stylesheet', 999 );
Mario
  • No. It is loaded by Google itself. You have no control over what they do. – GhostPengy Mar 09 '21 at 13:17
  • Does this mean that outgoing requests, such as those from Google to the fonts URL, cannot be blocked server-side? – Mario Mar 09 '21 at 13:24
  • ReCaptcha is loaded via iframe. Google loads the contents of that website; you cannot alter what Google servers are going to load. If you loaded it on your own servers, you could. But Google pages are out of your scope, in terms of making requests. – GhostPengy Mar 09 '21 at 14:14

1 Answer

0

You are allowed to load data from the US, which happens when using reCAPTCHA v3. What you still have to do is communicate it and request the consent of the user to do so.

GDPR (DSGVO) valid solutions are something you have to deal with in Germany in particular, which forces you to implement consent banners and similar solutions.

Most of them offer APIs or methods to deal with situations like this.

Usercentrics, for instance, allows you to make services like reCAPTCHA v3 consent-sensitive. As long as the service is not essential, you can let the user choose to allow the service. Then it is an absolutely legitimate solution and you don't have to switch your CAPTCHA tool.

In the case of the Contact Form 7 WordPress plugin, you have to ensure through a filter that the reCAPTCHA script tag is set to type="text/plain", add a new attribute named data-usercentrics and fill it with the name of the service, in this case "reCAPTCHA v3", and add the attribute "async" as well.

Next you have to define the reCAPTCHA v3 service as a non-essential service in the Usercentrics admin panel, for example as functional.

When a user hits your webpage without giving consent, the type of the script tag will remain "text/plain", so it will not be executed. When the user gives consent for the service, Usercentrics will change the type of the script tag to "text/javascript", which will immediately lead to the script being executed.

To have it work with Contact Form 7, you have to do the same with any Contact Form 7 related script, especially the "index.js". This will ensure that the script is loaded only when reCAPTCHA v3 is loaded and also ensure that it will be loaded and executed asynchronously in the proper order.

The last thing you have to do is add another custom script at the very bottom of your head section. Define it the same way as you did the other script tags, and put in code to trigger the "DOMContentLoaded" event.

The last step is necessary because the asynchronously loaded related scripts will have their entry point "after" the generic "DOMContentLoaded" event. To have the Contact Form 7 JavaScript logic applied, you have to retrigger it.

In the end you will have a working reCAPTCHA-protected form which only contacts US servers when the user gives consent for it.

You should then apply logic to disable the form when the user does not give consent, and communicate that consent is needed to enable the form and send messages through it.

samjaona
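The filter and re-trigger steps from the answer above, written out as an added example; this is not code from the answer, from Contact Form 7 or from Usercentrics. The script handles, the `uc_` function names and the two constants are assumptions, so check which handles your Contact Form 7 version actually registers.

```php
<?php
// Added example. Assumption: these are the handles Contact Form 7 registers for
// the Google API script, its reCAPTCHA glue script and its main index.js.
const UC_GATED_HANDLES = array( 'google-recaptcha', 'wpcf7-recaptcha', 'contact-form-7' );
// Must match the service name configured in the Usercentrics admin panel.
const UC_SERVICE_NAME = 'reCAPTCHA v3';

/**
 * Rewrite the external <script src> tag of each gated handle so the browser
 * does not execute it until Usercentrics flips the type after consent.
 * Inline config blocks that WordPress attaches to the same handle are kept.
 */
function uc_gate_script_tag( $tag, $handle ) {
	if ( is_admin() || ! in_array( $handle, UC_GATED_HANDLES, true ) ) {
		return $tag;
	}
	return preg_replace_callback(
		'/<script\b([^>]*\ssrc=[^>]*)>/i',
		function ( $m ) {
			// Remove an existing type attribute; add async only if it is missing.
			$attrs = preg_replace( '/\stype=(["\'])[^"\']*\1/i', '', $m[1] );
			$async = preg_match( '/\sasync\b/i', $attrs ) ? '' : ' async';
			return sprintf(
				'<script type="text/plain" data-usercentrics="%s"%s%s>',
				esc_attr( UC_SERVICE_NAME ),
				$async,
				$attrs
			);
		},
		$tag
	);
}
add_filter( 'script_loader_tag', 'uc_gate_script_tag', 10, 2 );

/**
 * Print the consent-gated re-trigger at the very end of <head>. Note that
 * re-dispatching the event also re-runs every other DOMContentLoaded listener
 * still registered on the page.
 */
function uc_print_domcontentloaded_retrigger() {
	printf(
		'<script type="text/plain" data-usercentrics="%s" async>'
		. 'document.dispatchEvent( new Event( "DOMContentLoaded" ) );</script>' . "\n",
		esc_attr( UC_SERVICE_NAME )
	);
}
add_action( 'wp_head', 'uc_print_domcontentloaded_retrigger', PHP_INT_MAX );
```

To confirm the gating, load the page in a fresh browser profile and check the network panel: no request to Google hosts should appear until consent is given in the banner.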