Hey Chris,
can you provide me a link to investigate your issue?
Greetings!
Eric
Hello Eric,
any chance to send the link as a private message?
Greetings
Chris
Nevermind, I think I just recreated the issue and I also think i might have found the solution. I will give you a reply on this soon!
Chris, thank you very much for your feedback!
This helped to figure out this issue existed.
Please update to v1.0.5.8 to solve this false behavior.
I am very sorry for the circumstances.
Greetings
Eric
Hey Eric,
thank you very much for your quick response!
Now it works nearly perfect for my website.
Only Google ReCaptcha uses the font directly, so I have one connection to the google server. I don’t know wether this is redirectable. Otherwise I have to choose another spam protection.
Chrome network analysis:
Request URL: https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Request Method: GET
Status Code: 200
Remote Address: 216.58.214.99:443
Referrer Policy: no-referrer-when-downgrade
accept-ranges: bytes
access-control-allow-origin: *
age: 1709335
alt-svc: quic=”:443″; ma=2592000; v=”43,42,41,39,35″
cache-control: public, max-age=31536000
content-length: 15344
content-type: font/woff2
date: Fri, 18 May 2018 18:18:08 GMT
expires: Sat, 18 May 2019 18:18:08 GMT
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
status: 200
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Provisional headers are shown
Origin: https://www.google.com
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ldu4lYUAAAAAKlKx01RJkrrxjLJPhX_h0NSt-ST&co=aHR0cHM6Ly93d3cuYnNlLXRhbnpzY2h1aGUuZGU6NDQz&hl=de&v=v1526884278587&size=compact&cb=21odwxilwqer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36
You’re welcome.
Sorry, the recaptcha is loaded via it’s script so there is a connection to google anyway. Maybe you can invent a 2-click option for that. That the whole form is not loaded until the user accepts that. Anyway – I personally think, that google has to do the work there, so they dont abuse or save the data. You have a legitimate interest to use recaptcha and webfonts etc. The last words aren’t spoken. But until then it’s maybe safer to restrict everything a bit more. I’ll let you know if I will implement a solution for recaptcha.
Greetings
Eric
