Open wood-chris opened 3 years ago
I've had a quick look at the code (https://github.com/ckan/ckan/blob/master/ckan/templates/user/snippets/recaptcha.html) - I can't find any reference to https://www.google.com/recaptcha/api/fallback?
in any of the reCaptcha docs. I thought it might be an old v1 URL that is technically deprecated but still returns a v2 challenge? But https://codepen.io/pdxnam/pen/RGOqKJ suggests it is valid v2 to support browsers without js
@smotornyuk was the last person to update the code, maybe he can remember what he did & why he used the URL
As far as I remember, I wasn't able to found details about this fallback URL in official docs, but there were some details about it in old google-threads. And I think that I've tested it with keys for v2-captcha and it looked valid.
As for the support of different captcha types, it's a really great idea. And, maybe, it won't take much effort to extract it from the user form and implement some common way to integrate recaptcha challenge and validation into any form through the app. I'm sure that there are use-cases when one wants to protect dataset creation form with captcha, for example
If I get a chance I'll try and update the code to at least support both types of v2, and maybe v3 - probably only starting for the registration form though
The reCaptcha config option does currently work relatively well, but regardless of the type of v2 reCaptcha you specify (
tickbox
orinvisible
) it always falls back to tickbox, and v3 doesn't seem to be supported at all.I don't think it'd be much work to upgrade the reCaptcha code to support both types of v2, and v3.