Closed chrgthb closed 2 weeks ago
(Just another thought.. it will be good if the design could somehow prevent check the widget with automatized keyboard / mouse macro. I don't know the right solution, but now with TAB-TAB-TAB-SPACE or mouse macro robots can easily check the "I'm not a robot" checkbox within a second.)
Hi, the email
is being processed separately from the fields, so would need to add an extra check for the email (simply to check the equality with submitted data, because the whole payload is signed). But it doesn't hurt if the email field is added to the fields as well, this would make it appear in the fields for easier verification. I'll update the widget to do that automatically.
To the other suggestion: the widget is and the PoW mechanism are designed to be accessible, this includes automated environments, and automated test frameworks. Such prevention would go against the core functionality and goals.
Yes, I saw the email field in the payload.verificationData, which contains the important part of the value (@example.com). I just thought it could be easier to check if the fields are untouched after verification, if all the fields and the hashed data is there. But I understand if that's not an important data.
Thanks!
The email field is not added to the fields
for simpler verification (version 0.5.0
).
The previous change from version 0.5.0
has been reverted in 0.5.1
due to unexpected behavior with the email field (the email is sent anonymized by default, thus it should not appear in the fields
payload by default). To include the email field into fields
, configure the list of input names using the spamfilter.fields: string[]
option - docs.
The payload.verificationData "fields" doesn't contain the email field. So I can't verify if the e-mail has changed after the verification.
And please check if the API documentation is correct. At API\PoW Challenges #Validating Server Signature the API reference link refers to Verify Solution. So we don't have any info to do the Validating Server Signature with free API key.
Best regards, christ