Use recaptcha.net instead of google.com (EU Cookies law) #548
In the current implementation, ReCaptcha is configured to use the `google.com` domain. While this setup is functional, it introduces potential legal and compliance risks related to cookie management. Specifically, the `google.com` domain can set additional cookies that may not be directly related to our website's functionality. These extra cookies raise concerns regarding user privacy and the stringent requirements of various cookie laws, such as the EU's GDPR.

Under these regulations, websites must obtain explicit consent from users before any non-essential cookies are stored or accessed on their device. The presence of third-party cookies from `google.com`, without clear and informed consent, could place us at risk of non-compliance.

To mitigate these risks, I propose we switch the ReCaptcha service to use the `recaptcha.net` domain instead. This alternative domain offers the same functionality but with fewer implications regarding cookie placement. Using `recaptcha.net` minimizes the likelihood of inadvertently violating cookie regulations, as it's less likely to introduce unrelated or non-essential cookies. This change will help ensure our compliance with cookie laws while maintaining the integrity and security provided by ReCaptcha.

I've prepared the necessary code changes for this switch and tested them to confirm that ReCaptcha continues to work as expected without any loss in functionality. This update will make our site more privacy-friendly and legally compliant.

Looking forward to your feedback and approval.