-
Notifications
You must be signed in to change notification settings - Fork 996
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
reCAPTCHA blocked in China #3174
Comments
Might be something related to the CSP policy. |
@JacksonWuxs Are you seeing a reCAPTCHA like this on the register page? |
Oh interesting, I wonder if China is blocking recaptcha. |
Okay, so according to @reaperhulk Recaptcha doesn't work in China, that is... unfortunate. |
Some more information google/recaptcha#87 |
@dstufft I see, thanks. |
Not sure what (if any) milestone we should add this to, but getting this fixed is super important since currently all of China can't interact with anything on Warehouse that requires a captcha. /cc @brainwane |
I'm sorry about writing back so late.
In fact I didn't see this register page. Here is what I got after clicking the "Create Account" button.
|
I will try to find the answer from the blog what you gave me. In any case, I am moved by your attention to this issue.
By the way, Is the user who upload the library to Pypi really important? If not, could you help me upload my lib to Pypi please? I can't wait to share my library. hahaha...
Here is my lib address: https://github.com/JacksonWuxs/datapy .The address includes CODES, README and EXAMPLES.
If you need more information about this issue, please let me know. I will try my best to collect information to help you.
|
@JacksonWuxs If you let me know the email address and username you'd like to use, I can register an account on your behalf, and then we can do a password reset so you can get access to it. |
I'm really happy to hear that. I hope you could help me register an account and my information as follow:
E-Mail:wuxsmail@163.com
User Name: Jackson Woo
Real Name: Xuansheng Wu
|
@JacksonWuxs Done, you should have a password reset email in your inbox. Leaving this issue open until we resolve the larger problem of using reCAPTCHA in China. |
Done, I have finished to reset my password. Thanks, so much!
|
I'm sorry I need to bother you again. Unfortunately, when I was uploading my program with command as "twine upload dist/*", I raised another error. The error said: "HTTPError: 403 Client Error: The user 'JacksonWoo' is not allowed to upload to project 'datapy'."
How can I do?
|
@JacksonWuxs No apology necessary. The |
Oh it so sad... Could you tell me which web site will show the name list?
I mean the token names.
|
@JacksonWuxs You can search here: https://pypi.org/search/, for example https://pypi.org/search/?q=datapy. |
I upload my package to Pypi successful.
But I faced another bigger problem I thought. After I install successful, it still couldn't be import? I have screenshot of the wrong process. Thank you!
On 3/12/2018 22:02,Dustin Ingram<notifications@github.com> wrote:
@JacksonWuxs No apology necessary. The datapy project already exists, you'll need to choose a new name.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
I'd love advice on how we should address this. Right now I believe this is the biggest blocker stopping us from going to the beta stage and doing our publicity push. |
We're probably going to have to use a different captcha solution, at least in china if not everywhere. At least that's the only thing I can think of. |
Some basic notes at https://stackoverflow.com/questions/23780387/recaptcha-availability-in-china that sum up to "Don't use recaptcha if you have users in China". |
It's been a while but I've used this with success when I needed a captcha solution that worked in China in the past: https://captcha.com/ (note that there's no Python backend though.) |
That's already been mentioned in this thread @cpdyj. |
reCaptcha v2 is not guaranteed to work in china due to its dependencies on google.com which is blocked. One can look at https://captcha.com/ to host their own, or https://www.mtcaptcha.com for a paid for recaptcha alternative. Both would work in China. |
Hi I am currently residing in Nanjing, China. I was temporarily unable to create an account because of the reCAPTCHA issue and the blanket blocking of google.com and its APIs. I was, however, able to get around this using the audio function by clicking on the speaker/volume (sic) icon and entering a code provided by audio playback. |
Well there was long time after I rose the issue. Finally, I solved this problem with a proxy software which let me go through the fire wall of China Internet. Due to the reason that China government locked most of responses from abroad, including APIs from Google, the reCAPTCHA issue happened. If anyone face the same issue in the future, the best solution is buying a proxy. At that moment, you can not only create an account, you also search papers or more information with Google conveniencely. |
This comment has been minimized.
This comment has been minimized.
New guidance: https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally With an additional step not noted in googles docs regarding the need to add gstatic.cn to CSP: https://stackoverflow.com/a/57855838 |
Looking at the comments there, it seems like this doesn't work anymore, however it might be worth doing anyways and the "proxying" solution there might be something we could implement instead. I'm going to unlock this issue to give our users in China the ability to tell us if they are still encountering this. |
@di I got the same issue here, cannot see the recaptcha on regsiter page. BTW, my problem is slightly different here. I got proxy to access so websites outside of China. I can access Google Facebook and so on. And i can also see recaptcha on those websites. And i tried to disable CSP of chrome, and it works. I think that's some sort of security update? |
@demonguy thanks for the report, can you please provide more details on the specific blocked request? I’m looking for the full url the browser is attempting to load? |
@demonguy Same situation and issue with you on Chrome. Recapture displays correctly on Safari. (When setting global proxy I can see Recapture on Chrome too, but with some latency.) |
Same situation, help!!! |
Here is the request jar saved from Chrome @miketheman |
@demonguy has you registered a account |
@SimFG yeah. I download a Chrome plugin which disable csp on Chrome and i successfully registed an account I think this is another problem? Maybe all latest Chrome users will have such issue? |
@demonguy which plugin, i need it. help help help |
Thanks, I'll investigate with these details - and think we have a path forward. |
Thanks for your details and patience! @demonguy @Teddy-van-Jerry @SimFG I've shipped a change to the Content Security Policy we set as headers for the recaptcha - this directive helps by telling browsers what the authors of a website have decided which scripts to securely allow, and prevent unintended other scripts loading. If you wouldn't mind deactivating the plugins that disable the CSP behavior and confirming that the recaptcha loads on registration page https://pypi.org/account/register/ so we can close this out? |
@miketheman it works now |
BTW, another url is blocked, but i think it doesn't matter Request URL: https://media.ethicalads.io/media/client/v1.4.0/ethicalads.min.js |
@demonguy Thanks - that's not being blocked by CSP - that might be another browser plugin like an Ad Blocker. It shouldn't have any negative impact on the operation of the site. |
Now that this is confirmed as resolved again, I'll go ahead and lock this conversation to prevent unnecessary notifications to the 20ish folks on this issue. |
A pypi ID is necessary while Iwould like to share and upload a package on pypi. Unfortunnatly, there was something wrong with the website of "https://pypi.org/account/register/". After writing the all information, an ERROR was arise named "Recaptcha error.".
I'm not sure if that is caused by China Internet?
The text was updated successfully, but these errors were encountered: