solspace / craft-freeform

Freeform for Craft: The most reliable form builder that's ready for wherever your project takes you.
https://docs.solspace.com/craft/freeform/v5/

Issue with Honeypot and Blitz #1421

Closed Megafry closed 2 months ago

Megafry commented 2 months ago

What happened?

We discovered an issue with the Honeypot setting Bypass All Spam Checks for Logged in Users and Blitz.

When the redactor opens the page for a preview, the form is generated without Honeypot, and Blitz is immediately caching the page.

All submissions from this form will be marked with Honeypot check failed because the field is missing.

The code which checks for logged in users should be moved to the validateFormHoneypot() function.

```php
public function validateFormHoneypot(FormValidateEvent $event)
{
    // ...
    if ($this->getSettingsService()->getSettingsModel()->bypassSpamCheckOnLoggedInUsers && \Craft::$app->getUser()->id) {
        return;
    }
    // ...
}
```

Errors and Stack Trace (if available)

No response

How can we reproduce this?

  1. Install Blitz to cache pages
  2. Enable the setting Bypass All Spam Checks for Logged in Users
  3. Place the form on a page
  4. View the page with a logged-in user (disable the debug bar)
  5. Blitz is caching the page without Honeypot (Check the Cached by Blitz comment at the end of the HTML)
  6. Open the same page in another browser (check if you got the page from the Blitz cache)
  7. Fill out the form and submit
  8. The submission has been flagged with Honeypot check failed

I haven't checked the other Spam protection mechanisms.

Freeform Edition

Pro

Freeform Version

4.8.9

Craft Version

4.10

When did this issue start?

Fresh install of Freeform

Previous Freeform Version

No response
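
The interaction reported above, as an added example that is not part of the original issue and is not Freeform or Blitz code: a minimal model of a URL-keyed page cache, a render step that drops the honeypot for logged-in users, and the per-request validation-time bypass the report proposes. Every class, function and field name here is hypothetical, and the honeypot field name is constructed.

```php
<?php
// Added illustration with hypothetical names; not Freeform or Blitz code.
const HONEYPOT = 'hp_field'; // constructed field name

final class PageCache // stands in for a full-page cache such as Blitz
{
    private array $pages = [];
    public function fetch(string $url, callable $render): string
    {
        // Keyed on URL only: the first visitor's HTML is served to everyone.
        return $this->pages[$url] ??= $render();
    }
}

// Before: the logged-in bypass decides at render time whether the field exists.
function renderBefore(bool $loggedIn): string
{
    return '<form>' . ($loggedIn ? '' : '<input name="' . HONEYPOT . '">') . '</form>';
}

// After: the field is always rendered, so cached HTML is valid for any visitor.
function renderAfter(bool $loggedIn): string
{
    return '<form><input name="' . HONEYPOT . '"></form>';
}

// Bypass evaluated at validation time, once per request, as the report proposes.
function honeypotPasses(array $post, bool $loggedIn, bool $bypassLoggedIn = true): bool
{
    if ($bypassLoggedIn && $loggedIn) {
        return true;
    }
    // A missing field fails, an empty one passes, a filled one is treated as a bot.
    return array_key_exists(HONEYPOT, $post) && $post[HONEYPOT] === '';
}

// A browser posts back only the inputs present in the HTML it received.
function submitFrom(string $html): array
{
    return str_contains($html, 'name="' . HONEYPOT . '"') ? [HONEYPOT => ''] : [];
}

foreach (['renderBefore', 'renderAfter'] as $render) {
    $cache = new PageCache();
    $cache->fetch('/contact', fn () => $render(true));          // editor previews first
    $html = $cache->fetch('/contact', fn () => $render(false)); // anonymous visitor, cache hit
    $ok = honeypotPasses(submitFrom($html), false);
    printf("%-12s anonymous submission passes: %s\n", $render, var_export($ok, true));
}
```

The same reasoning applies to any per-user decision baked into HTML that a shared cache stores: make the decision when the request is validated, not when the page is rendered.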

kjmartens commented 2 months ago

Sorry for the delay and the trouble @Megafry.

We'll check into this and resolve it shortly. 🙂

kjmartens commented 2 months ago

Hi again @Megafry,

Can you confirm which exact version of Freeform you're using? 4.8.9 doesn't exist as a valid version.

Megafry commented 2 months ago

Sorry, the last v4 (4.1.19)

seandelaney commented 2 months ago

Hello @Megafry :)

~Is it possible to send me your template where you render the form? I am struggling to replicate your issue.~

Never mind. I've managed to replicate it now.