2

REQ_PARAM_NAME::validated-captcha
REQ_PARAM_VALUE::Pair(false,Unable to validate in time. Response is assumed correct. 101781)

Why do I get this message from google?

The v2 reCaptcha checkbox is checked before submitting the form, but the server validation returns the above result and is rejected (Salesforce form rejects it).

** EDIT **

The website is a wordpress site. Here is the code I needed to add in the header:

<script src="https://www.google.com/recaptcha/api.js"></script> <script> function timestamp() { var response = document.getElementById("g-recaptcha-response"); if (response == null || response.value.trim() == "") {var elems = JSON.parse(document.getElementsByName("captcha_settings")[0].value);elems["ts"] = JSON.stringify(new Date().getTime());document.getElementsByName("captcha_settings")[0].value = JSON.stringify(elems); } } setInterval(timestamp, 500); </script>

The form has nothing special, but is submitted to Salesforce, so I do not validate the captcha myself:

<form action="https://webto.salesforce.com/servlet/servlet..." method=POST"> <input id="email" maxlength="80" name="email" size="20" type="text" /> <input type=hidden name='captcha_settings' value='{"keyname":"LOGIS_CO","fallback":"true","orgId":"00YXZ000000XYZ","ts":""}'> <!-- some other fields --> <div class="g-recaptcha" data-sitekey="xyz..."></div> <br><input type="submit" name="submit">

The resulting message "...Unable to validate in time. Response is assumed correct. 101781)" was given to me by Salesforce support. So Salesforce form does receive the the posted form and they validate the captcha result.

In the end, Salesforce validates the resulting posted form, and they get that validated-captcha = false, Unable to validate in time. Response is assumed correct. 101781. and they reject the post. So Salesforce support asked me to check for this captcha error message myself...

Improve this question
6
  • Do you mind sharing the form address you're having trouble with? Commented Oct 2, 2019 at 16:54
  • Tha captcha was removed from the form for now. Left me know what do you want to check. Commented Oct 2, 2019 at 19:11
  • I see. Since I have no SF account I just wanted to see form fields and related JS codes if there is to inspect what is being sent to SF servers. I think whatever is wrong starts on the client's computer and ends on SF servers, don't think this has anything to do with Google. By censoring private information, an HTML snippet of the form instead of a living URL would also be helpful. Commented Oct 2, 2019 at 19:41
  • I added information about the form, Commented Oct 3, 2019 at 11:57
  • Thanks Philippe, but there must be an element named captcha_settings in the form, apparently the JavaScript code refers it, possibly an <input> tag. Could you include it too, again by censoring (fill with xxxs, don't remove) if it contains private information. Commented Oct 3, 2019 at 16:13

1 Answer 1

Reset to default
6
+50

tl;dr When a visitor's system clock is lagging behind, the form cannot validated by SF, possibly considered as a delayed submission, so the error Unable to validate in time happens.

When I fill & submit the form, although I dont' have a SF setup, I can inspect what's being sent to SF server by using my browser's developer tools.

Apart from the usual fields, there was an additional information being sent to SF servers named ts inside the field captcha_settings which is a timestamp calculated with JavaScript by using client's system date.

timestamp

It was not difficult to guess that it is being used for validation.

So I decided to create a SF account, luckily there was a 30-day trial option. After creating the account I created a web-to-case form with an auto response template simply says Case Successfully Created in Salesforce.

Acquired a reCAPTCHA v2 token for my test domain and put the form's HTML markup there and started to test.

I submitted the form 9-10 times with no problem. All cases created and I received an email for each one.

Then I set the system clock back two hours, submitted the form 2-3 times. The form was sent successfully as before, but this time nothing happened. I did not receive any email.

Then I adjusted system clock back to the correct time, and everything started working again as it should.

You can reproduce the issue by setting your computer's system clock a couple of hours back.

In summary, this is an issue that SF must fix. Relying on the client's system time, which is not a reliable source for a validation process, is definitely a bad choice. You may want to inform them about this problem.

Until SF does something, as a workaround, it would be OK to rely on a 3rd party timestamp service I think.

If you consider that, you can replace script tags in the header with the following.

<script src="https://www.google.com/recaptcha/api.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script> <script> var currentTimestamp; $.getJSON( "http://icanhazepoch.com/", function( data ) { currentTimestamp = data * 1000; setInterval(timestamp, 500); }); function timestamp() { currentTimestamp += 500; var response = document.getElementById("g-recaptcha-response"); if (response == null || response.value.trim() == "") { var elems = JSON.parse(document.getElementsByName("captcha_settings")[0].value); elems["ts"] = JSON.stringify(currentTimestamp); document.getElementsByName("captcha_settings")[0].value = JSON.stringify(elems); } } </script>

Whit this way, instead of client's system clock, the timestamp obtained from the service will be used by incrementing every 500ms.

I hope it helps you.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Wow, thank you very much for your time! I will try this later today.
I did not finished my tests, but you deserved the bounty for your effort, thank you so much.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.