search

sepiariver / recaptchav2

Google's ReCaptcha V2 + V3 for MODX CMS: https://sepiariver.com/modx/recaptchav2-supports-recaptchav3/
https://sepiariver.com/
GNU General Public License v2.0
21 stars 15 forks source link

Timeout with ReCaptcha on pageload #52

Closed darQrrR closed 3 years ago

darQrrR commented 3 years ago

By generating the token on pageload, the form has to be filled out within 2 minutes: https://developers.google.com/recaptcha/docs/verify

We set an autorefresh of the token within the tpl, maybe something you want to implement.

sepiariver commented 3 years ago

Did you observe that happening using V3? I’ve read the invisible Re captcha is supposed to detect user interactions and “just work”? Also the documentation on refreshing seems to all be with respect to V2 which implies V3 doesn’t need it, but I guess the .execute() function can be called again on a timer—was that what you did?

(I think I would add the approach to the docs or a blog post rather than try to change the implementation for every install. What do you think?)

darQrrR commented 3 years ago

Happens with V3, not sure if the same problem occurs with V2 as well. And yes, we implemented a refresh of the token via timer but creating the token on submit would be the proper solution I guess.

I'd implement it within the package so it is solved for good but having it mentioned somewhere, would at least help those people facing this problem in the future. Entirely up to you :)

rabesocke commented 3 years ago

I have the same problem with V3 on a client site.

Google itself recommend to get the token when submitting the form (https://developers.google.com/recaptcha/docs/v3).

At the moment I solve this issue with a refresh timer (like darQrrR).

sepiariver commented 3 years ago

Ok this seems like a good candidate for a guide or some documentation with code examples. Hopefully will have a chance over the holidays to write that up

sepiariver commented 3 years ago

Hopefully this will help: https://sepiariver.com/modx/a-guide-to-recaptcha-v3-for-modx-cms/

steffan-culd commented 2 years ago

I managed to solve it like this: `

` Instead of using a submit button, I add a 'regular' button (without type="submit") and check when it's clicked. Before submitting the form I execute the grecaptcha and then submit the form. Any remarks or ideas?
sepiariver commented 2 years ago

Yep this works. Since the user is invoking it when they click to submit the form, there should be very little chance that they will time out. The call to recaptcha is blocking but that seems to be fast, generally.