Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Wait, now you have me wondering: If this is just javascript from another domain, what's preventing bots from proxying requests, intercepting this one, and replacing it with a dummy function that returns a "no threat" score?


https://developers.google.com/recaptcha/docs/verify


So... the answer is, nothing prevents it?


When the API reports a failed verification, the webmaster knows that the response has been tampered with?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: