0

I'm a frontend developer trying to create a test case of adding google-recaptcha-v3 in my react app. I'd appreciate response to how i can by-pass the cors error when I make a post request to verify the user's token.

//imports
 ... 

const Recaptcha=()=>{
return(
        <div>
            <p>Recaptcha Test</p>
            <button onClick={handleSubmit}>Send Test</button>
        </div>
    )

// handleSubmit function
const handleSubmit =()=>{
        const getToken = async () => {
            await executeRecaptcha('contactpage')
           .then(res=>{ 
               console.log(res);
               return setToken(res);
           });
       }
       getToken();
       console.log(token);

       const verifyToken = async () => {
        console.log(token);
        const article = {
            secret: '*******',
            response: token
        }
        let axiosConfig = {
            headers: {
                'Content-Type': 'application/x-www-form-urlencoded',
                "Access-Control-Allow-Origin": "http://localhost:3000",
            }
        };
        let url = 'https://www.google.com/recaptcha/api/siteverify';
        await axios.post(url, article)
            .then(res => console.log(res))
            .catch(err => console.log(err));
    }
    verifyToken();

    }

Then I get this error in my browser console: Access to XMLHttpRequest at 'https://www.google.com/recaptcha/api/siteverify' from origin 'http://localhost:3000/' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

dev_integral
  • 104
  • 7

1 Answers1

0

Google is not allowing you to call 'https://www.google.com/recaptcha/api/siteverify' from a frontend because of their CORS policy. See Mozilla's CORS guide for more information about CORS. Calls can only be initiated from a backend and not from a browser.

Tobias S.
  • 21,159
  • 4
  • 27
  • 45