ambethia
Can invisible recaptcha be skipped with skip_verify_env?
I did skip recaptcha verification on config/initializers/recaptcha.rb for Ruby on Rails
Recaptcha.configuration.skip_verify_env.push("development")
sounds like a bug ... see what the backtrace is ... the invisible code path looks similar to the regular one ... so idk why only invisible would fail ... does the regular tag work ?
I had refactored my app not to use recpatcha but now when I enable it I find that the skipped invisible button just does nothing when clicked from unlisted recaptcha domain. The regular one is skipped correctly, perhaps because it needs a separate submit button.
There are actually two different scenarios on skip in my case:
- From recaptcha listed domain (lvh.me - nginx upstream for localhost:5000)
- Regular recaptcha shows the correct check box (I'm not a robot) but is skipped on submit
- Invisible recpatcha button requests verify user recaptcha api and doesn't seem to care whether skipped or not So, the domain is checked regardless of the skip. No harm though.
- From recaptcha unlisted domain (localhost:5000)
- Regular recaptcha checkbox shows 'Localhost is not in the list of supported domains for this site key' but is skipped on submit
- Invisible recaptcha button just does nothing when clicked
For the invisible case, what I thought skip would do was just call the given callback right away without sending a user verify recaptcha api request (whether the domain is listed or not). Is this by design? Or am I missing something?
If so, the only workaround I can think of is just add the development domain to google recaptcha and use it without skipping (since it doesn't seem to matter anyway).
calling the callback directly sounds right ... and would mean no extra code the user has to take care of.