Using reCAPTCHA on localhost

I'm developing a website using PHP and I want to make a human verification in one of the sessions. For the development, I'm initially running the system locally and when it is ready, I'm going to put it on some domain.

In the reCAPTCHA website it is said that the plugin will only work at the given domain (and subdomains).

Is there a way to use the reCAPTCHA plugin on a localhost?

Update

The original answer is no longer correct. The developer's guide now states:

> "If you would like to use "localhost" for development, you must add it to the list of domains."

This will only work if you access localhost using 127.0.0.1/... rather than localhost/....

The original answer is preserved below.

According to the reCAPTCHA Developer's Guide:

> "localhost domains are no longer supported by default. If you wish to continue supporting them for development you can add them to the list of supported domains for your site key. Go to the admin console to update your list of supported domains. We advise to use a separate key for development and production and to not allow localhost on your production site key."

In other words, simply use the same key.

This worked for me:

Extracted from the reCAPTCHA documentation:

> With the following test keys, you will always get No CAPTCHA and all > verification requests will pass. > > Site key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI > > Secret key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe > > The reCAPTCHA widget will show a warning message to claim that it's > only for testing purpose. Please do not use these keys for your > production traffic.

Please note that as of 2016, reCAPTCHA doesn't naively support localhost anymore. From the FAQ:

> Localhost domains are no longer supported by default. If you wish to > continue supporting them for development you can add them to the list > of supported domains for your site key. Go to the admin console to > update your list of supported domains. We advise to use a separate key > for development and production and to not allow localhost on your > production site key.

Just add localhost to your list of domains for your site and you'll be good.

It's so easy:

1. Go to your google reCAPTCHA adminstration panel
2. Add localhost & 127.0.0.1 to the domains of a new site, like the following image.

Update:

If your question is how to set reCAPTCHA on the Google site for using it in localhost, then it has be as I wrote it above, but if you are curious how you can use reCAPTCHA on both localhost and a website host by minimal code in your controller and prevent some codes like ConfigurationManager.AppSettings["ReCaptcha:SiteKey"] in it, then I help you with this extra description and code in my answer.

Do you like the following GET and POST actions?

The code below supports reCAPTCHA and doesn't need any other code for handling reCAPTCHA.

[HttpGet]
[Recaptcha]
public ActionResult Register()
{
    // Your code in the GET action
}

[HttpPost]
[Recaptcha]
[ValidateAntiForgeryToken]
public ActionResult Register(RegisterViewModel model, string reCaptcha_SecretKey){
   // Your code in the POST action
   if (!ModelState.IsValid || !ReCaptcha.Validate(reCaptcha_SecretKey))
   {
       // Your code
   }
   // Your code
}

In View: (reference)

@ReCaptcha.GetHtml(@ViewBag.publicKey)

@if (ViewBag.RecaptchaLastErrors != null)
{
    <div>Oops! Invalid reCAPTCHA =(</div>
}

To use it

A) Add the following ActionFilter to your Web project:

public class RecaptchaAttribute : FilterAttribute, IActionFilter
{
    public void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var setting_Key = filterContext.HttpContext.Request.IsLocal ? "ReCaptcha_Local" : "ReCaptcha";
        filterContext.ActionParameters["ReCaptcha_SecretKey"] = ConfigurationManager.AppSettings[$"{setting_Key}:SecretKey"];
    }

    public void OnActionExecuted(ActionExecutedContext filterContext)
    {
        var setting_Key = filterContext.HttpContext.Request.IsLocal ? "ReCaptcha_Local" : "ReCaptcha";
        filterContext.Controller.ViewBag.Recaptcha = ReCaptcha.GetHtml(publicKey: ConfigurationManager.AppSettings[$"{setting_Key}:SiteKey"]);
        filterContext.Controller.ViewBag.publicKey = ConfigurationManager.AppSettings[$"{setting_Key}:SiteKey"];
    }
}

B) Add the reCAPTCHA settings keys for both localhost and website like this in your webconfig file:

<appSettings>

    <!-- RECAPTCHA SETTING KEYS FOR LOCALHOST -->
    <add key="ReCaptcha_Local:SiteKey" value="[Localhost SiteKey]" />
    <add key="ReCaptcha_Local:SecretKey" value="[Localhost SecretKey]" />
    <!-- RECAPTCHA SETTING KEYS FOR WEBSITE -->
    <!--<add key="ReCaptcha:SiteKey" value="[Webite SiteKey]" />
    <add key="ReCaptcha:SecretKey" value="[Webite SecretKey]" />-->

    <!-- OTHER SETTING KEYS OF YOUR PROJECT -->

</appSettings>

Note: By this way you did not need set the reCaptcha_SecretKey parameter in the post action or any ViewBag for reCaptcha manually in your Actions and Views. All of them will be filled in automatically at runtime with appropriate values depending on if you have run the project on the localhost or website.

When you add domains in Google reCAPTCHA:

Add new domain:

Localhost, not localhost

"L" is a capital letter.

As of January 2nd, 2021, Google posted these two keys for testing in this article.

> I'd like to run automated tests with reCAPTCHA. What should I do? For reCAPTCHA v3, create a separate key for testing environments. Scores may not be accurate as reCAPTCHA v3 relies on seeing real traffic.

> For reCAPTCHA v2, use the following test keys. You will always get No CAPTCHA and all verification requests will pass.

Site key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
Secret key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe

> The reCAPTCHA widget will show a warning message to ensure it's not > used for production traffic.

The generated emails went into spam the first time I used the keys.

Remove the current reCAPTCHA key, register the new key, and set your key settings with these domains:

127.0.0.1
localhost

Google has recently stopped allowing localhost being allowed by default (as touched upon by @Artur Cesar De Melo). This is under their FAQ:

> I'm getting an error "Localhost is not in the list of supported domains". This was working before, what should I do? > >localhost domains are no longer supported by default. If you wish to continue supporting them for development you can add them to the list of supported domains for your site key. Go to the admin console to update your list of supported domains. We advise to use a separate key for development and production and to not allow localhost on your production site key.

1: Create a separate key for your development environment

2: Add 127.0.0.1 to the list of allowed domains

3: Save changes and allow up to 30 minutess for changes to take affect

reCAPTCHA will not work on localhost/.

Use 127.0.0.1/ instead of localhost/.

To your domains list of Google reCAPTCHA websites (https://www.google.com/recaptcha/admin/site/{siteid}/settings), add LOCALHOST.

If the above doesn't work, try adding 127.0.0.1 too.

As per Google's reCAPTCHA documentation

> localhost domains are no longer supported by default. If you wish to > continue supporting them for development you can add them to the list > of supported domains for your site key. Go to the admin console to > update your list of supported domains. We advise to use a separate key > for development and production and to not allow localhost on your > production site key

1. Register your website at https://www.google.com/recaptcha/admin

2. Add the JavaScript plugin

3. Add the class and your site key provided by Google

   

localhost works now. However, remember that after adding localhost to list of domain names, it takes up to 30 minutes to take effect (according to the help tip shown against the domain names list).

If you have an old key, you should recreate your API key. Also be aware of proxies.

You can write "localhost" or "127.0.0.1", but the URL must be the same.

Example: Google Domains Add -> localhost URL => localhost/login.php

Example: Google Domains Add -> 127.0.0.1 URL => 127.0.0.1/login.php

I was recently working on creating a website involving reCAPTCHA v2 and I had a need to do test automation on my localhost. I did not add any IP address or localhost into the reCAPTCHA administration portal.

Follow the below steps

1. Log in to the reCAPTCHA administration site. Screenshot

2. Locate Key Settings

3. Click on advanced settings

4. Under Domain Name Validation, uncheck Verify the origin of reCAPTCHA solutions checkbox. This option is used to verifying requests coming from one of the above listed domains.

   Please note that, if disabled, you are required to check the hostname on your server when verifying a solution.

I created a new key, disabled this, and used this key for testing in localhost.

This is a sample page which implements reCAPTCHA for comments.

As of today in 2021, the Google reCAPTCHA Enterprise version console includes a validation check that does not allow addition of localhost to the list of allowed domains. To get around this (obviously only for development/testing purposes) doing the following works for me:

1. Create an entry in your hosts file that resolves your domain to your localhost

   127.0.0.1    whatever-your-domain-will-be.com
   

2. Test your application not by navigating to localhost, but rather by navigating to your domain.

My local server/app would normally run at http://localhost:4000, so navigating to http://whatever-your-domain-will-be.com:4000 did the trick.

Once deployed or testing is complete it's easy enough to remove the hosts file entry and there is no lingering trash in the reCAPTCHA allowed domains list.

This may be helping all the users having problems with reCAPTCHA on localhost. Google indeed says "By default, all keys work on 'localhost' (or '127.0.0.1')", but for real using reCAPTCHA on localhost may cause problems. In my case, I solved it using secure tokens.

I posted a working solution for PHP here.

For testing purposes, if you want to test your web page which includes reCAPTCHA on localhost, then add localhost in the domain list by the Admin Console 2: https://www.google.com/recaptcha/admin. *It is advised to create a separate site key for localhost.

Admin Console Screenshot

CAPTCHA Output

The way that worked for me, was to use my external IP address.

If you don't know what it is, just google "What's my IP"

Then use your IP address and set this in your domains for the captcha and it should start working OK.

If you are using Laravel then you should restart your server and run the following two commands:

php artisan config:clear

php artisan cache:clear

I got an error related to reCAPTCHA on a Laravel website. I resolved it by using some commands and with an env file and previous answers will also help in this problem.

First of all, check the env file (in your case, the file which has the Google reCAPTCHA key) for the Google reCAPTCHA key.

Second, run these commands:

1. php artisan config:clear
2. php artisan cache:clear
3. composer dump-autoload
4. php artisan view:clear
5. php artisan route:clear

It will solve your problem.

For me, it worked deleting my actual configuration and creating a new one, adding domains like this: