markets / invisible_captcha

🍯 Unobtrusive and flexible spam protection for Rails apps
https://rubygems.org/gems/invisible_captcha
MIT License
1.16k stars, 66 forks

Autofill passing in Production #92

Closed. bumper21 closed this 3 years ago

bumper21 commented 3 years ago

I'm using gem 'invisible_captcha', '~> 1.1.0' since the App is Rails 4.2.

I went simple, just putting =invisible_captcha on the forms where it was required and the basic invisible_captcha only: [:create] in the controller.

It seems to work in development, but in Production, it doesn't have the same effect.

If I... autofill the form, then change the email address, it works as intended. But if I... autofill the form and submit, it just sends.

Any tips?

markets commented 3 years ago

hi @bumper21 👋🏼

I use this gem in several Rails apps, in production, with no problems. It has more than 6M of downloads, so it seems to work well in production for more people as well. So, you may have a problem with your current integration or other code in your app, but hardly caused by invisible_captcha (the gem doesn't do any differentiation between environments). In order to move forwards with this issue we'll need an example app that reproduces the error (https://www.codetriage.com/example_app).

bumper21 commented 3 years ago

Hi @markets. Unfortunately, this issue came up with one of the legacy projects I do a few hours of work on every month. I won't have time to reproduce the issue at length via an example app.

I navigated to the sign-up page (it has quite a few fields), removed the CSS (removed the HTML head), auto-filled the form, and on hitting sign-up it created the account when it shouldn't have. I used the most basic implementation available via the docs, 2 lines of code I think.

It's possible I may have missed something so I'll give it another shot this weekend with this gem, in the meantime, my custom honeypot fix was enough to stop the botting issue.
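A standalone illustration of the honeypot logic this thread relies on (an added example, not invisible_captcha's own code): a honeypot only rejects a submission whose hidden field arrives filled, so a browser autofill that leaves that field blank passes the honeypot check, and only a second signal such as a minimum fill time can tell it apart from a hand-filled form. The field names, the 4-second threshold and the sample submissions are assumptions constructed for the example.

```ruby
# Added example (not invisible_captcha's own code): a standalone honeypot
# check of the kind a controller action would apply, plus a minimum-fill-time
# check as a second signal. Field names, the threshold and the sample
# submissions below are assumptions/constructed for illustration.
require 'time'

HONEYPOT_FIELD   = 'subtitle'           # hidden field humans never see
TIMESTAMP_FIELD  = 'form_rendered_at'   # ISO-8601 time the form was rendered
MIN_FILL_SECONDS = 4

# Returns :spam_honeypot, :spam_bad_timestamp, :spam_too_fast or :ok.
def classify_submission(params, now: Time.now)
  # 1. Honeypot: a bot that fills every field it finds fills this one too.
  return :spam_honeypot unless params[HONEYPOT_FIELD].to_s.strip.empty?

  # 2. Timing: an empty honeypot says nothing about a submission whose
  #    honeypot was simply left alone (hand-filled or browser-autofilled),
  #    so also require the form to have been open for a plausible time.
  rendered_at = begin
    Time.iso8601(params[TIMESTAMP_FIELD].to_s)
  rescue ArgumentError
    return :spam_bad_timestamp          # missing or tampered timestamp
  end
  return :spam_too_fast if now - rendered_at < MIN_FILL_SECONDS

  :ok
end

# Constructed submissions, all rendered at RENDERED_AT and submitted later.
RENDERED_AT = Time.iso8601('2021-01-01T12:00:00Z')

def sample_results
  base = { 'email' => 'user@example.com', TIMESTAMP_FIELD => RENDERED_AT.iso8601 }
  {
    bot_fills_everything: classify_submission(base.merge(HONEYPOT_FIELD => 'http://spam.example'), now: RENDERED_AT + 1),
    autofill_then_submit: classify_submission(base.merge(HONEYPOT_FIELD => ''), now: RENDERED_AT + 30),
    autofill_instant:     classify_submission(base.merge(HONEYPOT_FIELD => ''), now: RENDERED_AT + 1),
    no_timestamp:         classify_submission({ 'email' => 'x@example.com' }, now: RENDERED_AT + 30)
  }
end

sample_results.each { |name, verdict| puts "#{name}: #{verdict}" } if $PROGRAM_NAME == __FILE__
```

The autofill_then_submit case is the behaviour reported above: with the honeypot left blank the submission is accepted, which is the honeypot working as designed rather than an environment difference.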