I have implemented Google's ReCaptcha in React using the react-google-recaptcha library. I use the component like this:
<ReCAPTCHA
sitekey={captchaSiteKey}
ref={captchaRef}
onChange={handleVerification}
/>
According to the documentation the onChange method is called when the verification is successfull, but only userverify api is called and the server key is not used at all. Should I additionally check the token and call the siteverify api as stated in Google's documentation (https://www.google.com/recaptcha/api/siteverify)?
I tried verifying the token in the onChange method but siteverify always returns empty response.
const response = await fetch(`https://www.google.com/recaptcha/api/siteverify`, {
method: 'post',
mode: 'no-cors',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
secret: RECAPTCHA_SERVER_KEY,
response: token,
}),
})
Should I do this at all, or the verification from ReCAPTCHA component is enough?