boris-hocde
commented
3 years ago Finally this makes this plugin useful, I'm going to test this right now :)
IMO the apiSecret & token verification call should be completely removed from here. The secret must be kept secret, and should not be distributed to final users.
I wanted to use this plugin but I only need the response of the captcha challenge. These changes make apiSecret optional as the signature will not be validated locally but on a server. Also both callbacks now return the result of the token challenge