The reCAPTCHA HTTPS API URL has been moved. More information here:!topic/recaptcha/V7qswqBnA1o

D6 patch to follow.


pifantastic’s picture

Patch for 6.x-1.x that corrects the URL for the secure API.

Aaron Stanush’s picture

You can read more about the changes here:!topic/recaptcha/V7qswqBnA1o

codycraven’s picture

Priority: Major » Critical
Status: Active » Reviewed & tested by the community

Confirmed working. The API address change prevents recaptcha from working without this patch preventing any users without bypass captcha from submitting the form. Elevated to critical for this reason.

quinns’s picture


j0nathan’s picture


LGLC’s picture

Thanks for the patch - it worked a treat.

divbox’s picture

patch works

mlaw’s picture

Patch works. Thanks.

mvc’s picture

Status: Reviewed & tested by the community » Needs review
4.81 KB

*sigh* this is exactly why modules shouldn't ship with included libraries.

here's a patch which actually upgrades the bundled copy of recaptchalib.php to the latest version, 1.11, from there are changes to several other URLs as well.

that said, this library doesn't declare a version number in a constant, so even if this library was unbundled this module wouldn't be able to easily check for the right version. i've reported this issue upstream:
if google fixes that, we can patch this to unbundle the library and place it in sites/all/libraries, like the wysiwyg module does.

chadhester’s picture

I can confirm that the patch worked with 6.x-1.5. Thanks!

iva2k’s picture

Status: Needs review » Needs work

The patch should get rid of the last


(Even if the upstream changes have the closing PHP tag). In Drupal the convention is to ommit last closing PHP tag at the end of the file, so any end-of-line characters won't create "headers already sent" situation.

I've tested without closing tag.

Confirm, patch works. If not the closing tag, would state RTBC.

mvc’s picture

Status: Needs work » Needs review
4.8 KB

*shrug* okay, here you go

iva2k’s picture

Status: Needs review » Reviewed & tested by the community

Great! Tested and works - fixes the problem.

pounard’s picture

Nice I did use this patch and it works well. It'd be cool to have a stable release soon enough to avoid keeping a patched version of this module on production sites.

mvc’s picture

Status: Reviewed & tested by the community » Needs review
7.3 KB

I've just noticed that this patch isn't complete, since a URL is hardcoded in the .module file too: #1132420: Insecure loading of recaptcha_ajax.js causes security warning in Chrome browsers

This new patch fixes that as well; please test.

mvc’s picture

7.3 KB

oops, i forgot to remove ?> , please use this version

atodorov’s picture

6.69 KB

I see that folks have produced various patches. I'm attaching my own patch which I created before finding this ticket. It updates recaptchalib.php to 1.11 (which updates the urls) and also updates URLs in recaptcha_mailhide.module and recaptcha.module.

Edit: forgot to mention that this patch is against version 6.x-1.5

dstol’s picture


RobLoach’s picture

Version: 6.x-1.x-dev » 7.x-1.x-dev
Component: General » reCAPTCHA Captcha
Assigned: Unassigned » RobLoach
Status: Needs review » Patch (to be ported)
RobLoach’s picture

Status: Patch (to be ported) » Fixed

Oh, this is already part of Drupal 7 :-).

pounard’s picture

Nice, thanks for the release.

mvc’s picture

Priority: Critical » Normal
Status: Fixed » Needs review
7.58 KB

actually, a few URLs still need to be changed in 7.x-1.x-dev. among other things this is required for #1132420: Insecure loading of recaptcha_ajax.js causes security warning in Chrome browsers. some of these URLs are currently being redirected by google, but not all.

Vacilando’s picture


RobLoach’s picture

Status: Needs review » Fixed
avskip’s picture


Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.