google invisible reCaptcha server side validation is failing

Question

i have integrated the invisible reCaptcha in my application and the client side response is coming as part of solving the image challenge. i am then calling a angular function to validate user response on server side using below code. where onloginSubmit(token) is the success call back.

<button id="btnLogin" ng-disabled="loginForm.$invalid" 
                                class="g-recaptcha primarybtn margin-left-zero form-control-input"
                                data-sitekey="{{public_key}}"
                                data-callback='onloginSubmit'>{{'label_login' |
                                translate}}</button>

<script>
   function onloginSubmit(token) {
       angular.element(document.getElementById('loginForm')).scope().verifyReCaptcha(token);
   };
 </script>

in angular i am calling the verifyReCaptcha as below.

$scope.public_key = "------ My Site Key -------";
  $scope.private_key = "------ My Secret Key -------";
  $scope.verifyReCaptchaURL = "https://www.google.com/recaptcha/api/siteverify";

$scope.verifyReCaptcha = function(reCaptchaToken){
       var captchaData = {
              secret : $scope.private_key,
              response : reCaptchaToken
      }

      $http({
          headers: {
            'Accept': 'application/json,text/plain',
            'Content-Type': 'application/json;application/x-www-form-urlencoded;charset=utf-8;',
          },
          url: $scope.verifyReCaptchaURL,
          method: 'POST',
          data: captchaData
        }).success(function (data) {
             console.log("success");
             $scope.login();
        }).error(function (data) {
             console.log("error");
             $window.location.reload(true);
        });
  };

when i hit the api service https://www.google.com/recaptcha/api/siteverify . i get the below error.

Failed to load https://www.google.com/recaptcha/api/siteverify: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 405.

i couldnt find more documentation for the issue.

what is it that i am doing wrong and also if there is any error the recaptcha does not come up and the login button which i am using fails to respond.

n the request i am mentioning the Method as Post, the method is over ridden as Options and the request payload which i am sending is not present. this is what i got in the networks tab

Request URL:https://www.google.com/recaptcha/api/siteverify Request Method:OPTIONS Status Code:405 Remote Address:10.120.118.50:8080 Referrer Policy:no-referrer-when-downgrade

Answer 1

Most of the thing you did a great job. One thing is to require in your application is communicate to an external domain so you can include HTTP header content type is include a JSONP format.

 $http({
      headers: {
        'Accept': 'application/json,text/plain',
        'Content-Type': 'application/jsonp;application/x-www-form-urlencoded;charset=utf-8;',
      },
      url: $scope.verifyReCaptchaURL,
      method: 'POST',
      data: captchaData
    }).success(function (data) {
         console.log("success");
         $scope.login();
    }).error(function (data) {
         console.log("error");
         $window.location.reload(true);
    });