Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rails 7 / Turbo : g-recaptcha-response is empty #407

Open
jeygeethan opened this issue Apr 18, 2022 · 17 comments
Open

Rails 7 / Turbo : g-recaptcha-response is empty #407

jeygeethan opened this issue Apr 18, 2022 · 17 comments

Comments

@jeygeethan
Copy link

Whenever I am using rails 7 which is essentially saying using turbolinks for forms, my g-recaptcha-response is blank spaces " "

Version: recaptcha_v2

Solution

If I turn off the turbolinks, data: { turbo: false } in the form, it works again.

@grosser
Copy link
Collaborator

grosser commented Apr 18, 2022 via email

@byteg
Copy link

byteg commented May 21, 2022

Having the same issue with Rails 7.
Disabling turbolinks with data: { turbo: false } helps only for the second captcha check. The first check always returns blank g-recaptcha-response.
Any solution for this?

@rzepetor
Copy link

@byteg @jeygeethan if you inspect html code you can see that there are two 'g-recaptcha-response' inputs so please use
recaptcha_tags noscript: false

@byteg
Copy link

byteg commented May 23, 2022

@rzepetor thank you so much! Now it works :)

@rzepetor
Copy link

rzepetor commented May 23, 2022

@byteg I have other problem, recaptcha verify always fail and I don't know why, its render normally in form, green check icon is showing, in params I have 'g-recaptcha-response' but it always fails 😞 maybe you know why or have any clue?

@bodrovis
Copy link
Contributor

bodrovis commented Jun 21, 2022

For anyone who's having this issue with Turbo and does not want to disable it, this article should help: https://dev.to/fadrien/rails-devise-and-recaptcha-with-hotwire-turbo-and-stimulus-2hoh

Actually, I had exactly the same issue: even if Turbo is disabled, captcha was reported as invalid on every request.

Also, if you are using only recaptcha v2, make sure to include the corresponding script somewhere on your page:

<% provide :scripts do %>
  <script src="https://www.recaptcha.net/recaptcha/api.js" async="" defer=""></script>
<% end %>

@grosser
Copy link
Collaborator

grosser commented Jun 21, 2022 via email

@bodrovis
Copy link
Contributor

I'd love to. However I did some more experiments and it seems this setup is only partially working. For example:

  • I fully reload the login page, enter my email/password and enter the system --> everything is working, recaptcha v3 reports success
  • I open another page and then proceed to the login page by clicking the corresponding link (all pages have Turbo enabled) --> recaptcha verification always fails on the first form submit (it seems to be happening with both v2 and v3).

For now I haven't found a way to fix this :(

@bodrovis
Copy link
Contributor

Actually, I might have found a potential solution. Will experiment more and if it works, I'll submit a PR

@bodrovis
Copy link
Contributor

@grosser Yay, I think I got it working. Here's a PR with a small notice regarding Turbo/Stimulus #413

@chloerei
Copy link

chloerei commented Aug 7, 2022

Setting noscript: false solved my problem.

I wonder why add a textarea in noscript?

<textarea id="g-recaptcha-response" name="g-recaptcha-response"
class="g-recaptcha-response"
style="width: 250px; height: 40px; border: 1px solid #c1c1c1;
margin: 10px 25px; padding: 0px; resize: none;">
</textarea>

@grosser
Copy link
Collaborator

grosser commented Aug 7, 2022 via email

@chloerei
Copy link

chloerei commented Aug 7, 2022

@grosser

I found two related commits, date back to 2014.

4d30e9f
aee249b

I did some tests, when open without turbolinks, recaptcha will set the content of noscript to text. when open with turbolinks, it will not be set to text, which results in two textarea.

It should still be related to tubolinks.

@grosser
Copy link
Collaborator

grosser commented Aug 7, 2022

is there an improvement you can suggest or maybe some better docs ?

@chloerei
Copy link

chloerei commented Aug 8, 2022

Currently I use this way:

Add api script in layout's head:

  <head>
    ...
    <script src="https://www.recaptcha.net/recaptcha/api.js" async defer></script>
  </head>

Do not add this script in body, it will cause the api script to be loaded repeatedly.

Tips: It can be selectively loaded using yield :head and content_for :head.

Add this element where recaptcha is required:

<div class="g-recaptcha" data-controller="recaptcha" data-sitekey="<%= ENV['RECAPTCHA_SITE_KEY'] %>"></div>

When this page is the first page visited, it will be rendered by the api script. A stimulus controller is required to handle the case of turbolinks visit.

// recaptcha_controller.js
import { Controller } from "@hotwired/stimulus"

export default class extends Controller {
  connect() {
    // Skip this if grecaptcha has not been loaded or has already been rendered.
    if (window.grecaptcha && window.grecaptcha.render && this.element.childElementCount == 0) {
      grecaptcha.render(this.element, {
        'sitekey' : this.element.dataset.sitekey
      })
    }
  }
}

The above method can solve the problem of repeated loading and rendering timing in the turbolinks environment.


The noscript content is used to add a fallback validation method. But I found that this method seems to be invalid. You can turn off javascript and visit this page to test, it will prompt you to enable javascript:

https://www.google.com/recaptcha/api2/demo

But there is another page that shows it works, I don't know why:

https://www.google.com/recaptcha/api/fallback?k=6LdAvUIUAAAAAHjrjmjtNTcXyKm0WKwefLp-dQv9

@bodrovis
Copy link
Contributor

bodrovis commented Aug 8, 2022

There's no need to make it so complex. The method I've described here https://github.com/ambethia/recaptcha/wiki/Recaptcha-with-Turbo-and-Stimulus works fine with Turbo (not Turbolinks) and Stimulus. I've been using it for a couple of months already and everything seems to be okay

@korolevych-b
Copy link

noscript: false

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants