Google reCAPTCHA reset() event is sending request to Moneris

When I call grecaptcha.reset() a websocket event type 'message' is emitted, resulting in our embedded Moneris form being submitted. This is not desired behaviour.

---

I have narrowed down the function doDataTokenize being called and sending the submit request to Moneris. Notice the bypass code in the if statement of doDataTokenize ensures the event.origin is not being tested.

if (event.origin == "" || "bypass" == "bypass")

---

The expected behaviour is for grecaptcha.reset() to be called and not trigger any events with Moneris.

  • I discovered that the hosted tokenization is set to "Source URL authentication bypassed" for localhost!

    But I can't put localhost as a source url...has anyone done this?
  • In reply to sketchedin:

    Hi, the bypass has to do with whether you have a Source Domain specified for your hosted tokenization profile or not. If nothing specified, we make no domain check and the Hosted Tokenization form will have "bypass" == "bypass". If you've specified a domain then we check it against event.origin (e.g. event.origin == "www.domain.com")

    If you are saying that your grecaptcha.reset() is causing the form to submit, it means that something is posting a message to our hosted tokenization form when this happens.