markets / invisible_captcha

🍯 Unobtrusive and flexible spam protection for Rails apps
https://rubygems.org/gems/invisible_captcha
MIT License

Potential spam detected for IP 127.0.0.1. Invisible Captcha timestamp not found in session. #88

Closed joshm1204 closed 3 years ago

joshm1204 commented 3 years ago

When I change my form to remote: true, I get the following error:

Potential spam detected for IP 127.0.0.1. Invisible Captcha timestamp not found in session.

markets commented 3 years ago

Hello @joshm1204, this is weird, I use the remote: true + invisible_captcha combination in several apps with no problems. The timestamp is automatically set up when calling the view helper:

https://github.com/markets/invisible_captcha/blob/8824e31059dd88bb786f4fb0e899aafdff3a5a41/lib/invisible_captcha/view_helpers.rb#L14

Then, it's checked this way:

https://github.com/markets/invisible_captcha/blob/8824e31059dd88bb786f4fb0e899aafdff3a5a41/lib/invisible_captcha/controller_ext.rb#L54-L60

So, it seems the helper is not being called in your case. Maybe browser cache? Maybe some specific JS in your app?

joshm1204 commented 3 years ago

After more testing, it seems to occur after the second submit. So the first submit after the page load works, but not the second or third. It seems I may need to reload the form via ajax. Any recommendations on how you would handle it?

markets commented 3 years ago

Ok! Yep, probably the best way is to re-render the form in the ajax response, since the view helper needs to set the new timestamp in the session, as commented before:

https://github.com/markets/invisible_captcha/blob/8824e31059dd88bb786f4fb0e899aafdff3a5a41/lib/invisible_captcha/view_helpers.rb#L14

Alternatively, you can disable the timestamp check for that action via timestamp_enabled: false in the controller macro (you can disable it globally too via an initializer).
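
The symptom in this thread (the first submit passes, later submits are flagged until the form is rendered again) can be reproduced with a small model of a session-backed, single-use timestamp. This is an added example, not code from the gem or from either commenter: the class, the session key and the 4-second threshold are assumptions, and it assumes the check consumes the timestamp when it runs, which matches the behaviour reported above.

```ruby
require "time"

# Simplified model of a session-backed, single-use form timestamp.
# All names are hypothetical; this is not the gem's own code.
class FormTimestampModel
  KEY = :form_rendered_at   # hypothetical session key
  THRESHOLD = 4             # seconds; assumed minimum time a human needs

  def initialize
    @session = {}           # stands in for the Rails session hash
  end

  # Rendering the form stamps the session with the render time.
  def render_form(now)
    @session[KEY] = now.iso8601
  end

  # The check that runs on submit. Returns :ok or a rejection reason.
  # The timestamp is deleted when read, so it is valid for one submit only.
  def submit(now)
    stamp = @session.delete(KEY)
    return :timestamp_missing unless stamp
    return :too_fast if now - Time.iso8601(stamp) < THRESHOLD
    :ok
  end
end

# Replays a constructed list of [action, seconds_since_previous_event]
# pairs and returns the outcome of each submit.
def replay(events)
  model = FormTimestampModel.new
  clock = Time.utc(2024, 1, 1, 12, 0, 0) # constructed start time
  events.each_with_object([]) do |(action, delay), results|
    clock += delay
    case action
    when :render then model.render_form(clock)
    when :submit then results << model.submit(clock)
    end
  end
end

# Page load, then two AJAX submits without re-rendering the form.
STALE_FORM = [[:render, 0], [:submit, 10], [:submit, 10]].freeze
# Same flow, but the AJAX response re-renders the form before the next submit.
RERENDERED = [[:render, 0], [:submit, 10], [:render, 0], [:submit, 10]].freeze
# A scripted client posting one second after fetching the form.
SCRIPTED = [[:render, 0], [:submit, 1]].freeze

if __FILE__ == $PROGRAM_NAME
  p replay(STALE_FORM) # [:ok, :timestamp_missing]
  p replay(RERENDERED) # [:ok, :ok]
  p replay(SCRIPTED)   # [:too_fast]
end
```

Disabling the timestamp check for an action removes both rejection paths in this model, so that action then relies on the gem's other checks only.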