Today, if we are working with any big product company for the Salesforce marketing cloud implementation project. any cloudpages that captures some information and writes inside weather in sales cloud or in marketing cloud will not get security approval unless it has some bot attack protection like Google reCAPTCHA.
How can we add Google reCAPTCHA in Salesforce Marketing Cloud Cloud pages?
Since I have not seen Google reCAPTCHA V2 working perfectly with Salesforce Marketing Cloud AMPscripts functions, below are the details that should be used while implementing Google reCAPTCHA V3 over cloud pages.
In the head section; add the following script code.
<script type="text/javascript" runat="server">
Platform.Load("core", "1");
var response = [0];
var responseDetails = {};
var reCaptchaResponse = Request.GetFormField("response");
var headerNames = ["MyTestHeader1", "MyTestHeader2"];
var headerValues = ["MyTestValue1", "MyTestValue2"];
var contentType = 'application/x-www-form-urlencoded';
var url = 'https://www.google.com/recaptcha/api/siteverify';
var privateKey = 'Your Google reCAPTCHA v3 privateKey';
var payload = 'secret=' + privateKey + '&response=' + reCaptchaResponse;
responseDetails.StatusCode = Platform.Function.HTTPPost(url, contentType, payload, headerNames, headerValues, response);
responseDetails.Response = response;
var res=responseDetails.Response[0];
var obj = Platform.Function.ParseJSON(res);
var score = obj.score;
Variable.SetValue("Score",score);
Write(score);
Write(reCaptchaResponse);
</script>
<script src="https://www.google.com/recaptcha/api.js?render=Your Google reCAPTCHA v3 publicKey"></script>
<script>
grecaptcha.ready(function() {
// do request for recaptcha token
// response is promise with passed token
grecaptcha.execute('Your Google reCAPTCHA v3 publicKey', {action:'validate_captcha'})
.then(function(token) {
// add token value to form
document.getElementById('response').value = token;
});
});
</script>
* Yellow highlighted, please add your own KEYS.
well, the above script will not work all alone, if we see carefully it require a google reCAPTCHA response value. for that purpose we need to add a hidden field along with other fields in the cloud page as below;
<input type="hidden" name="response" id="response" value="">
Now that we know, based on Cloudpages visitor and its behaviour over the page, Google reCAPTCHA will generate a Score for that visitor.
the given score is always between 0 to 1. anything closer to "1" is considered as a good score and in other words, the visitor is not a boat.
hence in general as best practice, we always need to check if the score is greater than 0.5 then only proceed with further AMPscripts executions for the cloud page. like below.
IF @score > '0.5' THEN SET @submit = RequestParameter("submit")
IF @submit == 1 THEN SET ......
This post is contributed by:
Posts
0 comments:
Post a Comment