Issue with the Google reCaptcha field

  • Profile Image
    Asked on May 18, 2021 at 01:32 PM

    Whenever I try to embed a form using the script method, I get an 'Invalid domain for site key' error. I've tried embedding the form on multiple sites, and get the same error every time

  • Profile Image
    Answered on May 18, 2021 at 05:22 PM

    Thank you for contacting us. Our forms are secure by default, I see it has been embedded in a non-secure site:


    If the issue persists after making your site secure, please try embedding it with the Iframe method:

  • Profile Image
    Answered on May 18, 2021 at 05:31 PM

    Just to clarify. It doesn't work on https either which you can confirm:

    We've tested this on multiple sites, all with forced https and the Jotform embed simply does not work with Google reCaptcha. https is not the issue.

    This test link was just set up as the most vanilla way to test the Jotform Google reCaptcha integration on a simple html page using a domain that has never had Google reCaptcha associated with it and it still does not work.

    From reading all the same people with the same issue and the same reply from support being to use the iFrame integration, it seems clear to me that the only way for Google reCaptcha to work on Jotform is to use the iFrame option.

    Unless someone can prove me otherwise, the Google reCaptcha option for Jotform only works if you use the iFrame integration. That's fine. I just wish it was more clear that this is the case. Every help support message from Jotform regarding this same Google reCapcha issue tells the user to just use the iFrame option.

  • Profile Image
    Answered on May 18, 2021 at 06:58 PM

    I have searched online(example), and it seems that this issue occurs when the domain name is not authorized. Using Iframe works since it is isolated from your site.

    If you do not want to use Iframe, please consult this with your webmaster, so you can try getting your domain name authorized:

  • Profile Image
    Answered on June 03, 2021 at 06:55 PM

    Just FYI, when you authorize a domain via the Google reCaptcha admin system in the manner you describe, that domain is tied in to a unique Site Key and Secret Key. Since the Jotform system does NOT allow users to enter in a Google reCaptcha Site Key or Secret Key or domain name when adding Google reCaptcha to a particular Jotform, it is impossible to get a "domain name authorized" via the method described.

    This is why I believe that only the iFrame method for embedding a Jotform with Google reCaptcha works as expected. Since Jotform controls the domain when using an iFrame embed, the Google reCatpcha works with the Site Key and Secret Key that Jotform has associated with the Jotform domain.

    Looking into this further, there is some issue with how Jotform implements their script embed option that is causing the domain not to be authorized. All the Jotform script embed does is inject an iFrame with the form into the page anyways. So why does the exact form created with Jotform on the same domain work fine with the iFrame embed option but not the Script embed option that injects an iFrame?

    Something is not working right and since the script embed just injects an iFrame into the html of the page anyways I suppose it's not a huge issue but I don't think Jotform is being transparent about how the Google reCaptcha option is working.

  • Profile Image
    Answered on June 04, 2021 at 04:41 AM

    It looks like it might have something to do with the generated iFrame code by the script embed code which does not have an src.


    Nevertheless, I have forwarded this to our backend team so they can check on this further. You will be notified here as soon as there is any update.