reCaptcha unhandled upstream errors #341

@SamJUK

Overview

Monitoring has flagged some 503 responses, caused by upstream availability issues with Google Recaptcha.

The default for the reCaptcha SDK is to use file_get_contents, which triggers an E_WARNING in the case of a 502, and I don't believe there is an easy way to catch this downstream?

ReCaptcha does provide a curl method, which handles 502s better (see example POC below), despite still not exposing the curl handler/errors. We would specify it when creating the ReCaptcha class.

public function isValid(string $reCaptchaResponse, ValidationConfigInterface $validationConfig): ValidationResult
{
    /** @var ReCaptcha $reCaptcha */
    $reCaptcha = $this->reCaptchaFactory->create([
        'secret' => $validationConfig->getPrivateKey(),
        'requestMethod' => new \ReCaptcha\RequestMethod\CurlPost()
    ]);
    ....
}

Request Method POC

<?php 
# Save to a PHP File, and run via the CLI. 
# `php poc.php contents` - To test file_get_contents (current)
# `php poc.php curl`     - To test curl method

error_reporting(E_ALL);
const ENDPOINT = 'https://httpstatuses.maor.io/502';

switch (@$argv[1]) {
  case "curl":
    $ch = curl_init(ENDPOINT);
    curl_setopt_array($ch, array(
        CURLOPT_POST => true,
        CURLOPT_HTTPHEADER => array('Content-Type: application/x-www-form-urlencoded'),
        CURLINFO_HEADER_OUT => false,
        CURLOPT_HEADER => false,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true
    ));
    $r = curl_exec($ch);
    curl_close($ch);
    echo $r !== false ? "Response: $r" : "Response: False";
    break;
  case "contents":
    echo file_get_contents(ENDPOINT);
    break;
  default:
    echo "[!] Unknown option\nUsage: php {$argv[0]} [curl|contents]";
    break;
}

Stack Trace

{
    "0":"Warning: file_get_contents(https://www.google.com/recaptcha/api/siteverify): Failed to open stream: HTTP request failed! HTTP/1.1 502 Bad Gateway\r in /recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 80",
    "1":"
    #1 file_get_contents() called at [vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php:80]
    #2 ReCaptcha\RequestMethod\Post->submit() called at [vendor/google/recaptcha/src/ReCaptcha/ReCaptcha.php:170]
    #3 ReCaptcha\ReCaptcha->verify() called at [vendor/magento/module-re-captcha-validation/Model/Validator.php:68]
    #4 Magento\ReCaptchaValidation\Model\Validator->isValid() called at [generated/code/Magento/ReCaptchaValidation/Model/Validator/Interceptor.php:23]
    #5 Magento\ReCaptchaValidation\Model\Validator\Interceptor->isValid() called at [vendor/magento/module-re-captcha-ui/Model/RequestHandler.php:119]
    #6 Magento\ReCaptchaUi\Model\RequestHandler->execute() called at [vendor/magento/module-re-captcha-customer/Observer/LoginObserver.php:78]
    #7 Magento\ReCaptchaCustomer\Observer\LoginObserver->execute() called at [vendor/magento/framework/Event/Invoker/InvokerDefault.php:88]
    #8 Magento\Framework\Event\Invoker\InvokerDefault->_callObserverMethod() called at [vendor/magento/framework/Event/Invoker/InvokerDefault.php:74]
    #9 Magento\Framework\Event\Invoker\InvokerDefault->dispatch() called at [vendor/magento/framework/Event/Manager.php:65]
    #10 Magento\Framework\Event\Manager->dispatch() called at [generated/code/Magento/Framework/Event/Manager/Proxy.php:105]
    #11 Magento\Framework\Event\Manager\Proxy->dispatch() called at [vendor/magento/framework/App/FrontController.php:277]
    #12 Magento\Framework\App\FrontController->dispatchPreDispatchEvents() called at [vendor/magento/framework/App/FrontController.php:211]
    #13 Magento\Framework\App\FrontController->processRequest() called at [vendor/magento/framework/App/FrontController.php:146]
    #14 Magento\Framework\App\FrontController->dispatch() called at [vendor/magento/framework/Interception/Interceptor.php:58]
    #15 Magento\Framework\App\FrontController\Interceptor->___callParent() called at [vendor/magento/framework/Interception/Interceptor.php:138]
    #16 Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure}() called at [vendor/magento/module-store/App/FrontController/Plugin/RequestPreprocessor.php:99]
    #17 Magento\Store\App\FrontController\Plugin\RequestPreprocessor->aroundDispatch() called at [vendor/magento/framework/Interception/Interceptor.php:135]
    #18 Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure}() called at [vendor/magento/module-page-cache/Model/App/FrontController/BuiltinPlugin.php:76]
    #19 Magento\PageCache\Model\App\FrontController\BuiltinPlugin->aroundDispatch() called at [vendor/magento/framework/Interception/Interceptor.php:135]
    #20 Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure}() called at [vendor/magento/framework/Interception/Interceptor.php:153]
    #21 Magento\Framework\App\FrontController\Interceptor->___callPlugins() called at [generated/code/Magento/Framework/App/FrontController/Interceptor.php:23]
    #22 Magento\Framework\App\FrontController\Interceptor->dispatch() called at [vendor/magento/framework/App/Http.php:116]
    #23 Magento\Framework\App\Http->launch() called at [vendor/magento/framework/Interception/Interceptor.php:58]
    #24 Magento\Framework\App\Http\Interceptor->___callParent() called at [vendor/magento/framework/Interception/Interceptor.php:138]
    #25 Magento\Framework\App\Http\Interceptor->Magento\Framework\Interception\{closure}() called at [vendor/magento/module-application-performance-monitor/Plugin/ApplicationPerformanceMonitor.php:38]
    #26 Magento\ApplicationPerformanceMonitor\Plugin\ApplicationPerformanceMonitor->aroundLaunch() called at [vendor/magento/framework/Interception/Interceptor.php:135]
    #27 Magento\Framework\App\Http\Interceptor->Magento\Framework\Interception\{closure}() called at [vendor/magento/framework/Interception/Interceptor.php:153]
    #28 Magento\Framework\App\Http\Interceptor->___callPlugins() called at [generated/code/Magento/Framework/App/Http/Interceptor.php:23]
    #29 Magento\Framework\App\Http\Interceptor->launch() called at [vendor/magento/framework/App/Bootstrap.php:264]
    #30 Magento\Framework\App\Bootstrap->run() called at [pub/index.php:30]",
    "url":"/customer/account/loginPost/",
    "script_name":"/index.php",
    "report_id":"293870b77f5eecf881ec753b12fff865e0255f2003fde954eaae780e03e82321"
}
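
One way to contain the warning downstream, as an added example that is not part of the original issue, the reCAPTCHA SDK or the Magento module: the verification call runs under a scoped error handler, and any warning, non-JSON body or missing verdict is treated as "not verified" (fail closed) instead of surfacing as a 503 or letting the request through. `safeVerify()`, the transports, the `upstream-unavailable` code and the sample bodies are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example. safeVerify(), the transports and the 'upstream-unavailable'
// code are hypothetical names; the sample bodies below are constructed.
function safeVerify(callable $transport): array
{
    // Scope warnings raised inside the transport (e.g. file_get_contents on a
    // 502) into exceptions so they never reach the framework's error handler.
    set_error_handler(static function (int $no, string $msg, string $file, int $line): bool {
        throw new \ErrorException($msg, 0, $no, $file, $line);
    });
    try {
        $body = $transport();
    } catch (\ErrorException $e) {
        error_log('[recaptcha] upstream failure: ' . $e->getMessage());
        $body = false;
    } finally {
        restore_error_handler();
    }

    $decoded = is_string($body) ? json_decode($body, true) : null;
    if (!is_array($decoded) || !array_key_exists('success', $decoded)) {
        // Fail closed: no usable verdict means the CAPTCHA is NOT verified.
        return ['success' => false, 'error-codes' => ['upstream-unavailable']];
    }
    // Only a literal boolean true counts as a pass.
    $decoded['success'] = ($decoded['success'] === true);
    return $decoded;
}

// Constructed transports standing in for the real HTTP call.
$cases = [
    // Emits E_WARNING "Failed to open stream", like the 502 in the stack trace.
    'warning'  => static fn () => file_get_contents('/nonexistent/constructed-502'),
    // A gateway error page returned as the body instead of JSON.
    'html-502' => static fn () => '<html><body>502 Bad Gateway</body></html>',
    // A well-formed positive verdict.
    'ok'       => static fn () => '{"success": true, "hostname": "shop.example"}',
];

foreach ($cases as $name => $transport) {
    $result = safeVerify($transport);
    printf("%-8s success=%s codes=%s\n", $name, var_export($result['success'], true),
        implode(',', $result['error-codes'] ?? []));
}
```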
