Vulnerability in EPiServer.Forms
Currently, Recaptcha has been implemented in forms element and it is working.
However, we found recaptcha is not working in China
because recaptcha is using Google API service which is blocked by Chinese policy.
is it possible to replace like below?
use "www.recaptcha.net" in your code in circumstances when "www.google.com" is not accessible.
but we can't find the place to replace it, could you help suggst on it? thanks.
I think you can use this url to provide feature request & feedback: https://feedback.episerver.com/
Hope it helps !
It is worth bearing in mind that Forms can be personalised using visitor groups. So you could set up a visitor group to check if a user is in China. If they are not in China then do not show the Recapcha.
Also worth noting the Episerver.Forms.Samples (which includes the recaptcha form element) is available on GitHub here: https://github.com/episerver/EPiServer.Forms.Samples/
You could try to create your own version of the recaptcha element that doesn't use Google. It's possible the only update necessary is to the RecaptchaVerifyBaseUrl value here: https://github.com/episerver/EPiServer.Forms.Samples/blob/master/Implementation/Validation/RecaptchaValidator.cs (but I haven't tested at all.)
Then either use the new version of the recaptcha for everyone, or just for China users via Visitor Group personalization like David said.
Following the conversation, hcaptcha is a very decent tool to replace recaptcha: https://www.hcaptcha.com/ and was adopted by Cloudflare: https://blog.cloudflare.com/moving-from-recaptcha-to-hcaptcha/
With visitor groups, it might be possible to offer hcaptcha to Chinese users without changing the user experience for visitors outside China