jzongker
commented
1 year ago There's one big challenge to consider on this one. Churches will be using custom domains for b1 (hypothetical example: ironwoodchurch.com is an alias for ironwood.b1.church). That means we can not simply provide a white list of domains for third party services that require it, such as recaptcha.
Bots are submitting the B1 donation form in mass to search for valid credit card numbers. Let's add a basic captcha to it.
It doesn't need to be anything particularly robust. Just free (ideally an npm component we can just install) and if possible a simple "check a box" type captcha rather than a puzzle solving one.