[Bug]: ReCaptcha - possible security breach + misguided documentation #5733

Open
drma-tech opened this issue Sep 14, 2024 · 1 comment
@drma-tech

Blazorise Version

all

What Blazorise provider are you running on?

Bootstrap5

Link to minimal reproduction or a simple code snippet

https://dev.streamingdiscovery.com/login-providers

Steps to reproduce

Follow documentation

What is expected?

Be able to connect correctly with Google and securely

What is actually happening?

I followed the example in the documentation, but I soon came across a CORS error, because I'm using WASM and the call is made from the browser. After researching, I discovered that the correct thing to do would be to call it from an API, not directly from the WEB project (no matter what settings you make in the Google Console).
But I also noticed a second problem: I saw a lot of comments from people saying that this key shouldn't be public, but private. But the documentation says that the key should be configured in program.cs, which makes it public to the user, since it's in the source code.

What browsers do you see the problem on?

Chrome

Any additional comments?

No response

@drma-tech drma-tech added the Type: Bug 🐞 Something isn't working label Sep 14, 2024
@drma-tech

I also received a warning from GitHub about uploading the source code with this key. In other words, it is also suggesting that the reCAPTCHA key must be private under any circumstances.
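
Added example, not part of the issue and not Blazorise code: one way to do what the report describes, verifying the reCAPTCHA token from a server-side API so the secret key never ships with the WASM client. The route `/api/recaptcha/verify`, the `ReCaptcha:SecretKey` setting name and the record types are assumptions; the `siteverify` endpoint and its `secret`/`response` form fields are Google's.

```csharp
// Program.cs of a separate ASP.NET Core API project (NOT the Blazor WASM project).
using System.Net.Http.Json;
using System.Text.Json.Serialization;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddHttpClient();
var app = builder.Build();

// The secret key comes from server-side configuration (user-secrets, environment
// variable, vault). "ReCaptcha:SecretKey" is an assumed setting name.
string secret = app.Configuration["ReCaptcha:SecretKey"]
    ?? throw new InvalidOperationException("ReCaptcha:SecretKey is not configured.");

// Hypothetical route: the WASM client posts only the token it received from the widget.
app.MapPost("/api/recaptcha/verify", async (VerifyRequest req, IHttpClientFactory http, ILogger<Program> log) =>
{
    if (string.IsNullOrWhiteSpace(req.Token))
        return Results.BadRequest();

    // The call to Google is server-to-server, so browser CORS rules do not apply to it.
    using var form = new FormUrlEncodedContent(new Dictionary<string, string>
    {
        ["secret"] = secret,
        ["response"] = req.Token,
    });
    using var resp = await http.CreateClient()
        .PostAsync("https://www.google.com/recaptcha/api/siteverify", form);
    if (!resp.IsSuccessStatusCode)
        return Results.StatusCode(StatusCodes.Status502BadGateway);

    var result = await resp.Content.ReadFromJsonAsync<SiteVerifyResponse>();
    if (result is { Success: true })
        return Results.Ok();

    // Log the reason on the server; the client only learns pass or fail.
    log.LogWarning("reCAPTCHA rejected: {Codes}", string.Join(",", result?.ErrorCodes ?? []));
    return Results.BadRequest();
});

app.Run();

record VerifyRequest(string Token);
record SiteVerifyResponse(
    [property: JsonPropertyName("success")] bool Success,
    [property: JsonPropertyName("error-codes")] string[]? ErrorCodes);
```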
