security-package
security-package copied to clipboard
magento
Load recaptcha related files on focus of the form fields.
Description (*)
reCaptcha remote files will be loaded only if customer (visitor) focus on the fields for the form for which reCaptcha is enabled. This will reduce loaded files and immediately reflects to loading time.
Fixed Issues (if relevant)
- Fixes https://github.com/magento/security-package/issues/333
- Fixes https://github.com/magento/magento2/issues/38303
Manual testing scenarios (*)
- Enable reCaptcha (no matter which version) for Newsletter, Contact Form, Review, Registration or ... anything.
- Load the page which will contains form for which reCaptcha is enabled (Ex. Contact form /contact)
- ReCaptcha external (gstatic.com) files will not be loaded (you will not see the logo of the recaptcha or loaded files in the network tab of the browser developer inspector).
- Click on the first or random field (Ex. Name)
- Recaptcha files will be loaded and you will see logo of the repCaptcha somewhere on the page as you are configured in the step 1.
Questions or comments
Contribution checklist (*)
- [x] Author has signed the Adobe CLA
- [x] Pull request has a meaningful description of its purpose
- [x] All commits are accompanied by meaningful commit messages
- [x] All new or changed code is covered with unit/integration tests (if applicable)
- [x] All automated tests passed successfully (all builds are green)
Hi @Bashev. Thank you for your request. I'm working on Magento instance for you.
![magento-deployment-service[bot] avatar](https://avatars.githubusercontent.com/in/52578?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi @Bashev, unfortunately there is no ability to deploy Magento instance at the moment. Please try again later.
Hi @Bashev. Thank you for your request. I'm working on Magento instance for you.
Hi @Bashev, unfortunately there is no ability to deploy Magento instance at the moment. Please try again later.
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please message the #magento-devops slack channel if they don't show in a reasonable amount of time and a representative will look into any issues.
![magento-automated-testing[bot] avatar](https://avatars.githubusercontent.com/in/43625?v=4 "Published by a pub.dev verified publisher"){kind=small}
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please message the #magento-devops slack channel if they don't show in a reasonable amount of time and a representative will look into any issues.
@Bashev, unfortunately, I don't have write permissions to this repo. Could you please change
Fixed Issues (if relevant)
1. https://github.com/magento/security-package/issues/333
2. https://github.com/magento/magento2/issues/38303
to
Fixed Issues (if relevant)
1. Fixes https://github.com/magento/security-package/issues/333
2. Fixes https://github.com/magento/magento2/issues/38303
so that two issues will be automatically closed when this PR will be merged
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please message the #magento-devops slack channel if they don't show in a reasonable amount of time and a representative will look into any issues.
@ihor-sviziev @fredden, I think the error from the failed test is not related to the PR.
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please message the #magento-devops slack channel if they don't show in a reasonable amount of time and a representative will look into any issues.
@Bashev, I saw the comment from @techtoni in https://github.com/magento/magento2/issues/38303#issuecomment-1866115302:
Re invisible reCaptcha v3 - the way this technology works is it tracks the user behaviour through the website to establish if it is real user or a bot. It is supposed to be included on all pages, not loaded after a form is interacted with, see documentation - https://developers.google.com/recaptcha/docs/v3
It looks like this PR actually changes behavior for v2 invisible and v3 invisible, which means v3 might work incorrectly due to this change. Could you please double-check that?
@ihor-sviziev i saw the comment also, and also read the documentation.
reCAPTCHA works best when it has the most context about interactions with your site, which comes from seeing both legitimate and abusive behavior. For this reason, we recommend including reCAPTCHA verification on forms or actions as well as in the background of pages for analytics.
Works best not means, it's mandatory. From my point of view this not break the rules of reCAPTCHA. Yes probably this will have some negative impact of the scoring, but will be acceptable.
All of us knows, Google uses reCAPTCHA also to track user behavior and this is the main reason for which they want to have it on all pages.