Problems with (Cookie) reCaptcha & Chrome 78

DeCysos

Phoenix Foto Service
License owner
[DE]
Ich habe das Problem das ich bei aktiviertem reCaptcha und der Nutzung von Chrome 78.0.3904.97 in der Entwickler-Console einige Fehler bzgl des Cookies von reCaptcha erhalte.
Desweiteren wird das reCaptcha dadurch nicht angezeigt.
Ich habe die Captcha Funktion vorerst deaktiviert.

Leider kann ich damit nicht all zu viel anfangen, außer das es beim setzen eines Cookies im Script wohl irgendwas umgestellt werden müsste damit das ganze wieder mit dem Chrome-Browser funktioniert.

Kann mir da bitte jemand weiter helfen.
Was muss ich wie und wo tun?

[EN]
I have the problem that I get some errors regarding the reCaptcha cookie with activated reCaptcha and the use of Chrome 78.0.3904.97 in the developer console.
Furthermore, the reCaptcha is not displayed.
I deactivated the Captcha function for the time being.

Unfortunately, I can not do it too much, except that when setting a cookie in the script probably something would have to be changed so that everything works again with the Chrome browser.

Could someone please help me here.
What do I have to do how and where?

Code:
A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <URL> and <URL>.
kontakt:1 A cookie associated with a cross-site resource at http://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
kontakt:1 A cookie associated with a cross-site resource at https://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
kontakt:1 A cookie associated with a cross-site resource at https://accounts.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
kontakt:1 A cookie associated with a cross-site resource at https://support.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
kontakt:1 A cookie associated with a cross-site resource at https://docs.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
kontakt:1 A cookie associated with a resource at http://google.com/ was set with `SameSite=None` but without `Secure`. A future release of Chrome will only deliver cookies marked `SameSite=None` if they are also marked `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.
chev_googlechrome_cookie.error_recaptcha.png
 

Rodolfo

Chevereto Developer
Chevereto Staff
Hi,

Isn't Google which is giving you this issue? I don't recall any function where Chevereto handles/set a cookie for google.com
 

DeCysos

Phoenix Foto Service
License owner
[DE]
Ja das kann sein, das diese Fehlermeldung direkt von google.com verursacht wird und diese versuchen ein Cookie zu setzen.
Evtl muss Google selbst seine Cookies noch anpassen und den entsprechenden HTTPS Header setzen?!

Da ich etwas herum experimentiert habe, ist mein derzeitige Header bezüglich Cookies folgender: Header always edit Set-Cookie (.*) "$1; HttpOnly;Secure;SameSite=Strict"

Jedoch ob dieser Fehler nun von Google oder vom Script kommt. Irgendwas mag der Chrome Browser wohl derzeit nicht und zeigt daher auch kein reCaptcha Eingabefeld an (bzw nur ganz kurz).
reCaptcha V3, funktioniert leider auch nicht mehr mit Chrome.

Ich habe mich daher entschlossen versuchsweise über Cloudflare Chinesische Benutzer auszusperren und halt die Bot erkennung über Cloudflare durchzuführen.

Gibt es irgendwas was ich selbst noch tun kann um das Problem zu beseitigen (außer die Captcha abfrage zu deaktivieren)?

[EN]
Yes, it may be that this error message is directly from google.com and they are trying to set a cookie.
Does Google have to customize its own cookies and set the appropriate HTTPS header?

Since I've been experimenting a bit around, my current cookie header is: Header always edit Set-Cookie (.*) "$1; HttpOnly;Secure;SameSite=Strict"

However, whether this error comes from Google or the script. Something like the Chrome browser probably not currently and therefore shows no reCaptcha input box (or only very briefly).
Unfortunately, reCaptcha V3 does not work with Chrome anymore.

I therefore decided to try to block Chinese users via Cloudflare and stop the bot detection via Cloudflare.

Is there anything I can do to fix the problem (except to disable the captcha query)?
 

Rodolfo

Chevereto Developer
Chevereto Staff
The way recaptcha works is by including a script hosted at Google. This script provides a register function which is used on the website which runs the Google script.

Chevereto doesn't touch any cookie made by that.
 

DeCysos

Phoenix Foto Service
License owner
So I can not do anything but wait until Google fixes its own problem?
Well I have disabled the reCaptcha function meanwhile.
(In Chrome on Android, it works strangely)

I have decided to introduce an invisible messenger called Honeypot
 

Rodolfo

Chevereto Developer
Chevereto Staff

DeCysos

Phoenix Foto Service
License owner
In Deutsch
---------------
Danke, dass mit den Cookies habe ich auch bereits gelesen.
Bleibt nun einfach abzuwarten was da Google genau macht. Meinen Header habe ich bereits umgestellt (STRICT).

das reCaptcha habe ich in meiner Dev-Umgebung auf Version 3 umgestellt und es nochmals getestet nachdem es in der Demo von Ihnen im Chrome Browser funktioniert hatte.
Auch bei mir in der Dev-Umgebung funktioniert Version 3.

Ich finde es sehr merkwürdig, weil ich genau die selben daten in der Live Version sowie in der Dev-Umgebung habe. Hatte vorher nochmal alle Daten dupliziert.

So, nun habe den reCaptcha auch nochmals in der Live Version getestet und siehe da, er funktioniert leider nicht im Chrome Browser.

Ich habe das Problem nun auch lokalisieren können.
Es liegt an cookiebot.com, sobald ich den Code unter folgendem Menüpunkt einfüge .... und das ganze Speicher, dann funktioniert der reCaptcha nicht mehr.

Ich hatte den JavaScript Code am ende innerhalb des <body> stehen.
Dashboard -> External Service ->Analytics Code
HTML:
<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="MY.....xxxxxxXXXXXXxxxx.....ID" data-blockingmode="auto" type="text/javascript"></script>
Der Code gehört aber in den <head> bereich.
Ich hatte den Code zu testzwecken komplett entfernt und es funktionierte dann mit dem reCaptcha.
Sobald ich aber den Code in den <head> bereich einfügte funktionierte die komplett seite nicht mehr.
Im Firefox wird nur Schwarz anzeigt (Hintergrundfarbe) und im Chrome funktioniert der Login nicht mehr (Anfrage verweigert meldet die Seite)
Folgender Fehler wird in der Console angezeigt
Code:
chevereto.js?fe8d6a760e954acb3fff845a00e08c6d:142 Uncaught ReferenceError: CHV is not defined
    at HTMLDocument.<anonymous> (chevereto.js?fe8d6a760e954acb3fff845a00e08c6d:142)
    at c (scripts.js?fe8d6a760e954acb3fff845a00e08c6d:18)
    at Object.add [as done] (scripts.js?fe8d6a760e954acb3fff845a00e08c6d:18)
    at init.ready (scripts.js?fe8d6a760e954acb3fff845a00e08c6d:18)
    at new init (scripts.js?fe8d6a760e954acb3fff845a00e08c6d:18)
    at x (scripts.js?fe8d6a760e954acb3fff845a00e08c6d:18)
    at chevereto.js?fe8d6a760e954acb3fff845a00e08c6d:16
Vielleicht wissen sie einen Rat für mich, oder sollte ich mich direkt an cookiebot.com wenden?

-----------------------------------------------------------------
-------------------- In English ---------------------
-----------------------------------------------------------------
Thanks, that with the cookies I have already read.
Now just wait and see what Google does exactly. I have already changed my header (STRICT).

I changed the reCaptcha to version 3 in my dev environment and tested it again after it worked in the demo of you in the Chrome browser.
Also in my dev environment version 3 works.

I find it very strange because I have exactly the same data in the live version as well as in the dev environment. Had previously duplicated all the data again.

So, now have the reCaptcha tested again in the live version and lo and behold, it does not work in the Chrome browser.

I have now been able to locate the problem.
It is up to cookiebot.com, as soon as I insert the code under the following menu item .... and all the memory, then the reCaptcha does not work anymore.

I had the JavaScript code at the bottom of the <body>.
Dashboard -> External Service -> Analytics Code
HTML:
<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="MY.....xxxxxxXXXXXXxxxx.....ID" data-blockingmode="auto" type="text/javascript"></script>
But the code belongs in the <head> area.
I completely removed the code for testing and it worked with the reCaptcha.
But as soon as I put the code in the <head> area the whole page did not work anymore.
In Firefox, only black is displayed (background color) and in Chrome, the login does not work anymore (request denied logs the page)
The following error is displayed in the console
Code:
chevereto.js?fe8d6a760e954acb3fff845a00e08c6d:142 Uncaught ReferenceError: CHV is not defined
    at HTMLDocument.<anonymous> (chevereto.js?fe8d6a760e954acb3fff845a00e08c6d:142)
    at c (scripts.js?fe8d6a760e954acb3fff845a00e08c6d:18)
    at Object.add [as done] (scripts.js?fe8d6a760e954acb3fff845a00e08c6d:18)
    at init.ready (scripts.js?fe8d6a760e954acb3fff845a00e08c6d:18)
    at new init (scripts.js?fe8d6a760e954acb3fff845a00e08c6d:18)
    at x (scripts.js?fe8d6a760e954acb3fff845a00e08c6d:18)
    at chevereto.js?fe8d6a760e954acb3fff845a00e08c6d:16
Maybe you know some advice for me, or should I contact cookiebot.com directly?
 

DeCysos

Phoenix Foto Service
License owner
I wrote to Cookiebot and described my problem.
Maybe there is help or advice from them.
62c11fd8-488d-4cc8-9891-9cfe6e0e5378.png
 

DeCysos

Phoenix Foto Service
License owner
I scanned the domain again after activating reCaptcha by cookiebot. So the cookie bot could also find the cookies from Google.

The problem in the Firefox with the black side is now gone.
However, the problem remains that in the Chrome browser the reCaptcha does not work.
--------------------
I am now waiting for a response from Cookiebot.com before I experiment further rum ;)
 

DeCysos

Phoenix Foto Service
License owner
So ich habe eine Antwort vom Support erhalten.
Hi ....,

ReCaptcha is known to not work well with Cookiebot. What you could do is wrap the content of the ReCaptcha script in an "if" statement:
Code:
if (Cookiebot.consent.statistics) {
// content of the ReCaptcha script
}
Mind you, it is essential that the Cookiebot script is executed first. Any script executed before, will be able to set cookies without consent.
Best regards,
Richard van der Velde
Cookiebot Support
www.cookiebot.com
Could the code also work on the below mentioned error (stop without reCaptcha)

Now the only question for me is, what exactly do they mean?
Is it a php if query or Javascript query. And where exactly should I fit these.

If someone has a solution for me, I would be very grateful.

PS: The Cookiebot.com script (see above) in the head area to pack, made me a completely black side and collides with peafoul.js (PF is undefined in row 11) and scripts.js

I almost think that with cookiebot.com is a very difficult thing.
 

DeCysos

Phoenix Foto Service
License owner
Code for Statistik Cookies:
HTML:
<script type="text/javascript">
    function CookiebotCallback_OnAccept() {
          if (Cookiebot.consent.statistics)           
{     
enableStatisticsCookies();             
}
}
function enableStatisticsCookies() { 
         //Code ausführen, der Statistik-Cookies setzt
       } 
</script>
Code für Marketing Cookies:
HTML:
<script type="text/javascript">

      window.addEventListener('CookiebotOnAccept', function (e) {
      if (Cookiebot.consent.marketing)
          {
          //Execute code that sets marketing cookies
          }
      }, false);

</script>
 
Top