recaptcha not displaying on FF or chrome, IE displays after allowing blocked content

Question

The server that is hosting the code is running coldfusion 4.5. The page in question is a frameset, so I can't link directly to it.

It's this page: http://www.palosverdes.com/calendar/, and then the sign up link on the right under "Admin".

The code that is there right now works as expected for IE after allowing blocked content. Here's the code:

<cfscript>
CHALLENGE_URL = "http://api.recaptcha.net";
SSL_CHALLENGE_URL = "https://api-secure.recaptcha.net";
VERIFY_URL = "http://api-verify.recaptcha.net/verify";
</cfscript>

<cfif isDefined("form.recaptcha_challenge_field") and isDefined("form.recaptcha_response_field")>

<cftry>
    <cfhttp url="#VERIFY_URL#" method="post" throwonerror="true">
        <cfhttpparam type="formfield" name="privatekey" value="6LfwVs0SAAAAAIlIJpLDvIay_d5G0RncS0VSrnV0">
        <cfhttpparam type="formfield" name="remoteip" value="#cgi.REMOTE_ADDR#">
        <cfhttpparam type="formfield" name="challenge" value="#form.recaptcha_challenge_field#">
        <cfhttpparam type="formfield" name="response" value="#form.recaptcha_response_field#">
    </cfhttp>
<cfcatch>
    <cfthrow  type="RECAPTCHA_NO_SERVICE"
        message="recaptcha: unable to contact recaptcha verification service on url '#VERIFY_URL#'">
</cfcatch>
</cftry>

<cfset aResponse = listToArray(cfhttp.fileContent, chr(10))>
<cfset form.recaptcha = aResponse[1]>
<cfset structDelete(form, "recaptcha_challenge_field")>
<cfset structDelete(form, "recaptcha_response_field")>

<cfif aResponse[1] eq "false" and aResponse[2] neq "incorrect-captcha-sol">
    <cfthrow type="RECAPTCHA_VERIFICATION_FAILURE"
        message="recaptcha: the verification service responded with error '#aResponse[2]#'. See http://recaptcha.net/apidocs/captcha/ for error meanings.">


</cfif>



<cfelse>

<cfset form.recaptcha = false>

</cfif>


<cfif isdefined("form.recaptcha") and form.recaptcha neq "false">
<cfinclude template="addorgresults.cfm">
<cfelse>

I've used this page http://www.palosverdes.com/sandbox/captchatest.cfm to determine that the captcha itself is working correctly, so my guess is that it has something to do with putting the captcha in a frameset. Any ideas?

Answer 1

The reason it isn't working in Firefox:

api-secure.recaptcha.net uses an invalid security certificate.

The certificate is only valid for www.google.com

(Error code: ssl_error_bad_cert_domain)

You appear to be using 2 different sets of code for your test one (that works) and the one that doesn't work.

The one that is broken:

<script type="text/javascript"
   src="https://api-secure.recaptcha.net/challenge?k=6LfwVs0SAAAAAClnUJ5XD7O19d9ZdlGBFgAn8Gws">
</script>


<noscript>
   <iframe src="https://api-secure.recaptcha.net/noscript?k=6LfwVs0SAAAAAClnUJ5XD7O19d9ZdlGBFgAn8Gws"
       height="300" width="500" frameborder="0"></iframe><br>
   <textarea name="recaptcha_challenge_field" rows="3" cols="40">
   </textarea>
   <input type="hidden" name="recaptcha_response_field"
       value="manual_challenge">
</noscript>

The one that works:

<script type="text/javascript"
 src="http://www.google.com/recaptcha/api/challenge?k=6LfwVs0SAAAAAClnUJ5XD7O19d9ZdlGBFgAn8Gws">

</script>
<noscript>
 <iframe src="http://www.google.com/recaptcha/api/noscript?k=6LfwVs0SAAAAAClnUJ5XD7O19d9ZdlGBFgAn8Gws"
     height="300" width="500" frameborder="0"></iframe><br>
 <textarea name="recaptcha_challenge_field" rows="3" cols="40">
 </textarea>
 <input type="hidden" name="recaptcha_response_field"
     value="manual_challenge">
</noscript>

I think you need to change the URL's on the first one from api-secure.recaptcha.net to google.com/recaptcha/api