XF 2.2 hCaptcha configuration error: sitekey-secret-mismatch

Nirjonadda

Well-known member
Server error log:

Code:
ErrorException: hCaptcha configuration error: sitekey-secret-mismatch src/XF/Error.php:75

Generated by: Unknown account May 24, 2021 at 3:21 AM

Stack trace

#0 src/XF.php(213): XF\Error->logError('hCaptcha config...', false)
#1 src/XF/Captcha/HCaptcha.php(119): XF::logError('hCaptcha config...')
#2 src/XF/Mvc/Controller.php(858): XF\Captcha\HCaptcha->isValid()
#3 src/XF/Pub/Controller/LostPassword.php(27): XF\Mvc\Controller->captchaIsValid()
#4 src/XF/Mvc/Dispatcher.php(350): XF\Pub\Controller\LostPassword->actionIndex(Object(XF\Mvc\ParameterBag))
#5 src/XF/Mvc/Dispatcher.php(257): XF\Mvc\Dispatcher->dispatchClass('XF:LostPassword', 'Index', Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\LostPassword), NULL)
#6 src/XF/Mvc/Dispatcher.php(113): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\LostPassword), NULL)
#7 src/XF/Mvc/Dispatcher.php(55): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#8 src/XF/App.php(2337): XF\Mvc\Dispatcher->run()
#9 src/XF.php(488): XF\App->run()
#10 index.php(20): XF::runApp('XF\\Pub\\App')
#11 {main}

Request state

array(4) {
  ["url"] => string(15) "/lost-password/"
  ["referrer"] => string(34) "/login/login"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(7) {
    ["email"] => string(23) "@gmail.com"
    ["g-recaptcha-response"] => string(3698) "P0_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXNza2V5IjoiTjZXaGt6ZnZVOXV0S0tOekx3b2FjZVJDRTJUSzAzZWswS3ZsOGpRdGNkWUlycEdYSXRtRDY4OEdKdlhOcDVrVjFEczVCYXF3d3Z3RVpGazJmS01mSnpwc3UwTmVRb1VBUWRrSlI2bStnY0RIR3lJQkZEWXJvaHQ3bkZpNzVCU21JMVVnWFZQV3VnaVhnUS9hYnFEWVB3WXQ0NEl6c2VNR2JUM1VFNUgxVnhBV2REWXlCVXhUYU1lcU1NZ3RxSSs4MVBOZ2ZpSUpDaHZodEF1LzRFcVdQcnd0WkZGdDRnclhDTjV5WVQrQTRjSkNkYVcwayt1Rm9sOStuSFIwRWE2T3hCQk1YRnkzd1kwamlYRklqakVObFE5K0xXdFdQbmJtODFocTNubTJTMFJ4R3k4YytrcWE0YnAxbGdHOEJSVmE5YzQ0NHVpVGwwZGdLRUpuS3J3bVpua0U5bDJVZXNwRXBRMVY3UFlnRmNINWNXZWVXT29VTVN4NEhuczVVa2ZZamZPc2lOdUlDWXlwN3piZUplRVFGQkk2NEJ0alpXRnh1eFk1NHltZHJjVTVRaGg3cjBRTnZ0dzFlb0lTcDkrYllsNmwrSWFKWmxVNjhOUlRoeGxZdXpuYXN2WUhSYUNWa0dtWEJtdzJMbDA0bDRFbjlKTWw0UW9sejNSSUNEMlNVM085dDFaaStDZ3R5bk53Qk9ST2tJQ2haK2FMN1NHU3Z1MXpuT1BtamFlK283L2hUQXNWbHdPQjlQMzlDSjlzb2Nza0F3ZVJRdVhSUlRNQUc5Slp3NmNJM2xvbHJ3S0REMlRwNUs1Q2F6Vlc5QUpJNWNpUGxsYXVyQXI0MDUyNzdEaEkxSy9YaThOWjhXWmN0MmdXZklabWhGQjl6ckwzTGdjNWRzUGl0WVhDUnQxRkVDRzZnQTBDRUphdXBDUHBnQUx3c0dDaGRMTzhmS1F3TzNnYVdYSG1Vb3A3cG9XZDUrSFVmSkJ2aUFlV0g5Q2dBOHRaR2E5WUhvRXAzVkhzVTNYZHB4WkhXcVFnSXRKRE5aTjZqL2sxY1lQaFU0RFFBTWppVFlUUVp5SUtBOEZQbm9NQlVYZTd0cHFPL245Qk85YjM3NHFGQ0Y0cnF1TVVUaUFBS3kzdVVsOVpta0hncWZZUnI4M3hvOGRyUm5XUDQrbUJvR0JYTHEwMnVRTVlJbzh4MTFTa2JjRTl0RFdZWVFWNDJpM3AzcUJ2WjI1REk3TmF6RW9LS2V5U0RoRkJiRCthRE1USmdRWkdwSjVDUlVzZDFsZTJmZzN5aE1rbk42VXRVWWhTYnpTRU5JL3hzTW9uQ3hRdVJDNmJncVdHM1Rodkc3VXlYcFFIYjBGV3pFSTdMWitvVUdGbHppNGlxV1lvanQ3LzZsWDdJVG1hQ1NuWVlhdWZCQVk4a3BHLzJhOFJXSXRJZFZXRGl0Y0haTFJnNTB3TjNhMmRnZW1QVlBVNTluVExPaWh6MUVPeHE3UStHR2YrWkVKMVh5ZUNMSmRGYld1SVkrdCtHMzN3UjE5STQ5SmUrbm5MRmpSUWR2UWZiVDhNVk1aR0Z5blFKZWFSbExCMytvNFVMZWQ2elBoRDNzVFhqdUg5RGJ1dm42eWovM3ViVktCZnRKTiswVytkN2IwSXNZcWhVMmVYQ3BCdllFei8wRjNYNlJZZnZ2a3RlTWNQWjRSYVBWazJ0K0hYOFg3cVZ3ZHZYek82Z3NRZXF5WDRDSW5uL2l3bXhBSXF0SXRYY28xQ3ZrQk1FWWJjdU12ZE1DTmpHelQzbkZMV21vQTdOQnFPVkdBVW55YnVZa0swZ1hjWVdlV01Bd0FHbndmOTM1Mmo0Z0FqTWVrdzYzMGljdjBQaHhOOVhGYVJSUTZWL2VucGIzM1JwcEQvMlJ1bUs0ZE9ObFV5RTI2VGxoL21UR2VWZDIzRDJ6ZzkyaWxHYUlSNFhEZkFZVFRWdTBjWjlSSzMzNTFNbmdTYWhGM2Z6SnVoS2k4VkZmVERtc21WOFV5M1FiS09SZ2R3Nm93T3JxUldhbGxXT0dqZHA3bHcvYm1uQ0JhTkVYWDJ0Q3p0VE9paUJ2U010b0pBR3FmVmVqYjhxdEUrTDJUcHBqcVpVTCtodnBMSzlROXFOd0VHMTRTOUhYdHZYRWR5WXdTSjhlcnlWbWlDVVVHam9MZVpibloza0N1SHdzWnlZSURBYndON1FsVXpNSHF5NlRXaE9vVVd0YTZkRTRKOWhvVXgwWFh2a1FKL0R5bWJ3ZE42bzh4N0I1R2gyRGpneng2T3dDZElDM2JDZHZ1OUdPWWdmaTBaYVhndHZjVStEM2lZSWJmYXlOUXpiRVlRamg5R3VQSmNDc2ZIa25haFp6aThmNVNyMjlLbnlZVjA5ZTJ6RUY1bTRFM1BOdTJRR0x0NXQxMnZFckRmczAyN1ljcWlUT3JBKzRicHdwVFlEcnlCZWFSSk40VEVIVGZVdmRsU3o5Sy9USWJESUprdUFiUlFONk1za0s3Y1o2TFZvV0tjVXI0V2pVTDVVbDNSU2pkS1Jjd3ppN2tMRzZHVm9kREFXNUUwVSt3S3VIM0xzUTU1aXNoVk5RKytTMWUwREJkSDRJME5VdGV2RnNqVVRpYWpvbExoM1greVdWeEJIT2tzSHcrQ2tYMW1BZlk0cmVUbDNaeHN6d3J4Vi9yd1E1U2ZKeUZpbDRjOWplVlhXYkxpbVA2QlNQN3NYdTc2US9TWlhkM3Q5Wm04c1YxS2JpQVNaeWZTNlJNeGN1endXNmpuUEVqeHFremU1aElzTm1RcUg4a0h0Q01temZYNEV4SDZnU29IaUxEeSt0SmtFOG4yVjZUalYrUzlqMFJJSzU4NVl0b2VCTlRVZmEzRDNjdXpLYkl4KzZSZWJwUDUxekRDM2V2MTQ2bVNwTFAyZW5IcWgweXJORWlpeHBJU0pLUSs0Mktrd0Z5bjRxKzVnd0NCb3FZR2xyN3g3dDJwOFVTSmN1ZzhneWtVbjM4V2xGd1lOR2xXN3Y2NkNETEFiZ2FnV0RLS3QxdHFIakRqbWU2aEI1QllVOGJZWmVrOGl5MzdRMHpxMWpoZ3R1ZzNLM0RSQ0M0dWNyVjFQU3hpUzJyaDJPcFhoZGZJSXlGWUllSFZGOFRvbjRhREd0MnM3YXhRTitnbHgyYU9sL3l2MVE2VDl2cXJaZWlYdnRzSk53dlBKekxCLytJOENHZC9Qd1FNMDlaWUp2ZFRDQ0wzaW9KTEV5NFFzaHNETFZPdDJuWmZaRk9DZ1VoTHdiQy9xNVl4Ky9nYTBvZFJBYzVGemE3OGVtSmY2dGJqMG5ic2dXTDR2YkpkbW5HdE5FOUQvY05NSFVWQXJwamRtMndHd3REOGd2cTJpUC9TbDU4NTRGdVhwWFJ4eENNZ0JtTzN0bXFYYk1zNzk5a2RJVGJBS2ZBQUJOT093YjNxMHhrcUJFYWdxY3B4bFJhcEVBUHJ3dUFxTG50YTV3d0hTVFdERXUzSFRqUT1Samk4d21mdUx2YW1nUHVRIiwiZXhwIjoxNjIxODA1MDMwLCJzaGFyZF9pZCI6NTM1NzY1NTksInBkIjowfQ.nQ9bpUyI8kIJl8K6HA9GV-Rb1gVyhYBEF9sA_WGlpL8"
    ["h-captcha-response"] => string(3698) "P0_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXNza2V5IjoiTjZXaGt6ZnZVOXV0S0tOekx3b2FjZVJDRTJUSzAzZWswS3ZsOGpRdGNkWUlycEdYSXRtRDY4OEdKdlhOcDVrVjFEczVCYXF3d3Z3RVpGazJmS01mSnpwc3UwTmVRb1VBUWRrSlI2bStnY0RIR3lJQkZEWXJvaHQ3bkZpNzVCU21JMVVnWFZQV3VnaVhnUS9hYnFEWVB3WXQ0NEl6c2VNR2JUM1VFNUgxVnhBV2REWXlCVXhUYU1lcU1NZ3RxSSs4MVBOZ2ZpSUpDaHZodEF1LzRFcVdQcnd0WkZGdDRnclhDTjV5WVQrQTRjSkNkYVcwayt1Rm9sOStuSFIwRWE2T3hCQk1YRnkzd1kwamlYRklqakVObFE5K0xXdFdQbmJtODFocTNubTJTMFJ4R3k4YytrcWE0YnAxbGdHOEJSVmE5YzQ0NHVpVGwwZGdLRUpuS3J3bVpua0U5bDJVZXNwRXBRMVY3UFlnRmNINWNXZWVXT29VTVN4NEhuczVVa2ZZamZPc2lOdUlDWXlwN3piZUplRVFGQkk2NEJ0alpXRnh1eFk1NHltZHJjVTVRaGg3cjBRTnZ0dzFlb0lTcDkrYllsNmwrSWFKWmxVNjhOUlRoeGxZdXpuYXN2WUhSYUNWa0dtWEJtdzJMbDA0bDRFbjlKTWw0UW9sejNSSUNEMlNVM085dDFaaStDZ3R5bk53Qk9ST2tJQ2haK2FMN1NHU3Z1MXpuT1BtamFlK283L2hUQXNWbHdPQjlQMzlDSjlzb2Nza0F3ZVJRdVhSUlRNQUc5Slp3NmNJM2xvbHJ3S0REMlRwNUs1Q2F6Vlc5QUpJNWNpUGxsYXVyQXI0MDUyNzdEaEkxSy9YaThOWjhXWmN0MmdXZklabWhGQjl6ckwzTGdjNWRzUGl0WVhDUnQxRkVDRzZnQTBDRUphdXBDUHBnQUx3c0dDaGRMTzhmS1F3TzNnYVdYSG1Vb3A3cG9XZDUrSFVmSkJ2aUFlV0g5Q2dBOHRaR2E5WUhvRXAzVkhzVTNYZHB4WkhXcVFnSXRKRE5aTjZqL2sxY1lQaFU0RFFBTWppVFlUUVp5SUtBOEZQbm9NQlVYZTd0cHFPL245Qk85YjM3NHFGQ0Y0cnF1TVVUaUFBS3kzdVVsOVpta0hncWZZUnI4M3hvOGRyUm5XUDQrbUJvR0JYTHEwMnVRTVlJbzh4MTFTa2JjRTl0RFdZWVFWNDJpM3AzcUJ2WjI1REk3TmF6RW9LS2V5U0RoRkJiRCthRE1USmdRWkdwSjVDUlVzZDFsZTJmZzN5aE1rbk42VXRVWWhTYnpTRU5JL3hzTW9uQ3hRdVJDNmJncVdHM1Rodkc3VXlYcFFIYjBGV3pFSTdMWitvVUdGbHppNGlxV1lvanQ3LzZsWDdJVG1hQ1NuWVlhdWZCQVk4a3BHLzJhOFJXSXRJZFZXRGl0Y0haTFJnNTB3TjNhMmRnZW1QVlBVNTluVExPaWh6MUVPeHE3UStHR2YrWkVKMVh5ZUNMSmRGYld1SVkrdCtHMzN3UjE5STQ5SmUrbm5MRmpSUWR2UWZiVDhNVk1aR0Z5blFKZWFSbExCMytvNFVMZWQ2elBoRDNzVFhqdUg5RGJ1dm42eWovM3ViVktCZnRKTiswVytkN2IwSXNZcWhVMmVYQ3BCdllFei8wRjNYNlJZZnZ2a3RlTWNQWjRSYVBWazJ0K0hYOFg3cVZ3ZHZYek82Z3NRZXF5WDRDSW5uL2l3bXhBSXF0SXRYY28xQ3ZrQk1FWWJjdU12ZE1DTmpHelQzbkZMV21vQTdOQnFPVkdBVW55YnVZa0swZ1hjWVdlV01Bd0FHbndmOTM1Mmo0Z0FqTWVrdzYzMGljdjBQaHhOOVhGYVJSUTZWL2VucGIzM1JwcEQvMlJ1bUs0ZE9ObFV5RTI2VGxoL21UR2VWZDIzRDJ6ZzkyaWxHYUlSNFhEZkFZVFRWdTBjWjlSSzMzNTFNbmdTYWhGM2Z6SnVoS2k4VkZmVERtc21WOFV5M1FiS09SZ2R3Nm93T3JxUldhbGxXT0dqZHA3bHcvYm1uQ0JhTkVYWDJ0Q3p0VE9paUJ2U010b0pBR3FmVmVqYjhxdEUrTDJUcHBqcVpVTCtodnBMSzlROXFOd0VHMTRTOUhYdHZYRWR5WXdTSjhlcnlWbWlDVVVHam9MZVpibloza0N1SHdzWnlZSURBYndON1FsVXpNSHF5NlRXaE9vVVd0YTZkRTRKOWhvVXgwWFh2a1FKL0R5bWJ3ZE42bzh4N0I1R2gyRGpneng2T3dDZElDM2JDZHZ1OUdPWWdmaTBaYVhndHZjVStEM2lZSWJmYXlOUXpiRVlRamg5R3VQSmNDc2ZIa25haFp6aThmNVNyMjlLbnlZVjA5ZTJ6RUY1bTRFM1BOdTJRR0x0NXQxMnZFckRmczAyN1ljcWlUT3JBKzRicHdwVFlEcnlCZWFSSk40VEVIVGZVdmRsU3o5Sy9USWJESUprdUFiUlFONk1za0s3Y1o2TFZvV0tjVXI0V2pVTDVVbDNSU2pkS1Jjd3ppN2tMRzZHVm9kREFXNUUwVSt3S3VIM0xzUTU1aXNoVk5RKytTMWUwREJkSDRJME5VdGV2RnNqVVRpYWpvbExoM1greVdWeEJIT2tzSHcrQ2tYMW1BZlk0cmVUbDNaeHN6d3J4Vi9yd1E1U2ZKeUZpbDRjOWplVlhXYkxpbVA2QlNQN3NYdTc2US9TWlhkM3Q5Wm04c1YxS2JpQVNaeWZTNlJNeGN1endXNmpuUEVqeHFremU1aElzTm1RcUg4a0h0Q01temZYNEV4SDZnU29IaUxEeSt0SmtFOG4yVjZUalYrUzlqMFJJSzU4NVl0b2VCTlRVZmEzRDNjdXpLYkl4KzZSZWJwUDUxekRDM2V2MTQ2bVNwTFAyZW5IcWgweXJORWlpeHBJU0pLUSs0Mktrd0Z5bjRxKzVnd0NCb3FZR2xyN3g3dDJwOFVTSmN1ZzhneWtVbjM4V2xGd1lOR2xXN3Y2NkNETEFiZ2FnV0RLS3QxdHFIakRqbWU2aEI1QllVOGJZWmVrOGl5MzdRMHpxMWpoZ3R1ZzNLM0RSQ0M0dWNyVjFQU3hpUzJyaDJPcFhoZGZJSXlGWUllSFZGOFRvbjRhREd0MnM3YXhRTitnbHgyYU9sL3l2MVE2VDl2cXJaZWlYdnRzSk53dlBKekxCLytJOENHZC9Qd1FNMDlaWUp2ZFRDQ0wzaW9KTEV5NFFzaHNETFZPdDJuWmZaRk9DZ1VoTHdiQy9xNVl4Ky9nYTBvZFJBYzVGemE3OGVtSmY2dGJqMG5ic2dXTDR2YkpkbW5HdE5FOUQvY05NSFVWQXJwamRtMndHd3REOGd2cTJpUC9TbDU4NTRGdVhwWFJ4eENNZ0JtTzN0bXFYYk1zNzk5a2RJVGJBS2ZBQUJOT093YjNxMHhrcUJFYWdxY3B4bFJhcEVBUHJ3dUFxTG50YTV3d0hTVFdERXUzSFRqUT1Samk4d21mdUx2YW1nUHVRIiwiZXhwIjoxNjIxODA1MDMwLCJzaGFyZF9pZCI6NTM1NzY1NTksInBkIjowfQ.nQ9bpUyI8kIJl8K6HA9GV-Rb1gVyhYBEF9sA_WGlpL8"
    ["_xfToken"] => string(8) "********"
    ["_xfRequestUri"] => string(12) "/login/login"
    ["_xfWithData"] => string(1) "1"
    ["_xfResponseType"] => string(4) "json"
  }
}
 
Is this happening for every CAPTCHA that is being completed? If you attempt to trigger a lost-password request like this user did, do you get the error then?

Could this have been some transient error while you were setting HCaptcha up with your own configuration? It looks like you may have registered with HCaptcha and you're now using your own site key and secret, is that correct?
 
Is this happening for every CAPTCHA that is being completed? If you attempt to trigger a lost-password request like this user did, do you get the error then?

Today I am get this Server error log in Admin CP. I am not seen hCaptcha verification in /lost-password/ page.

Could this have been some transient error while you were setting HCaptcha up with your own configuration? It looks like you may have registered with HCaptcha and you're now using your own site key and secret, is that correct?

Yes I am using own site key and secret.

ScreenShot00269.webp

ScreenShot00268.webp
 
If you're using your own keys, double check to make sure they are correct -- we don't have any errors logged here and this is the first time we've heard of this, so it fits with some sort of misconfiguration (though it shouldn't suddenly break) or a temporary hCaptcha issue.

The error being reported is the direct hCaptcha error code in this case.
 
Actually, I did just discover some errors logged on our main site that are the same issue. Based on timing, it was definitely a temporary issue on their end. If you're not having any problems/errors now, you can disregard it.
 
Anyone else had this issue? I was just about to open a thread, and noticed I've got the same error -

  • ErrorException: hCaptcha configuration error: sitekey-secret-mismatch
  • src/XF/Error.php:77
  • Generated by: Unknown account
  • Feb 12, 2022 at 6:31 PM

Stack trace​

#0 src/XF.php(218): XF\Error->logError('hCaptcha config...', false)
#1 src/XF/Captcha/HCaptcha.php(122): XF::logError('hCaptcha config...')
#2 src/XF/Mvc/Controller.php(883): XF\Captcha\HCaptcha->isValid()
#3 src/addons/OzzModz/VerifyEmail/XF/Pub/Controller/Register.php(51): XF\Mvc\Controller->captchaIsValid()
#4 src/XF/Mvc/Dispatcher.php(352): OzzModz\VerifyEmail\XF\Pub\Controller\Register->actionWithoutVerificationCode(Object(XF\Mvc\ParameterBag))
#5 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('OzzModz\\VerifyE...', 'WithoutVerifica...', Object(XF\Mvc\RouteMatch), Object(OzzModz\VerifyEmail\XF\Pub\Controller\Register), Object(XF\Mvc\Reply\Reroute))
#6 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(OzzModz\VerifyEmail\XF\Pub\Controller\Register), Object(XF\Mvc\Reply\Reroute))
#7 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#8 src/XF/App.php(2351): XF\Mvc\Dispatcher->run()
#9 src/XF.php(517): XF\App->run()
#10 index.php(20): XF::runApp('XF\\Pub\\App')
#11 {main}

I can see on my dashboard for hCaptcha that there's a site key, but not a secret key.. Am I missing something? Might be as above - just a temporary issue. Just wanted to make sure I'm not going mad (which is quite possible)!
 
Anyone else had this issue? I was just about to open a thread, and noticed I've got the same error -



I can see on my dashboard for hCaptcha that there's a site key, but not a secret key.. Am I missing something? Might be as above - just a temporary issue. Just wanted to make sure I'm not going mad (which is quite possible)!
The secret key is in your account setting.
 
Well... still temporary then, because it happened again, couple of times alraedy. Change the secret key with a new one because there was a different one in my account. Then a week nothing and today again.
Odd.
 
We are seeing dozens of these errors at the moment from the contact form.

In our case looking at the contact and message in the "Request State", they are all coming from spammers, so presumably bots doing the posting.
 
I woke up to seeing these errors as well. Checked my site keys and all are correct.
Same here on the contact form... and it WAS a spam contact that triggered it, so I have to wonder if it's a "problem" with the spam bot that they use causing a trigger to occur?
 
Top Bottom