In order to use Invisible ReCaptcha I've install and configured this module. After enabling it on a custom form of mine, I noticed that anonymous users would be bounced to the search results page instead of the intended action page (self). Removing the form ID from Simple Recaptcha config and clearing cache allows the form to submit normally again. In fact, when initially enabled this works as intended, something seems to happen after some time that has the search page come up after submit.
Note that:
a) I can't reproduce this on demand, but maybe the developer might have a guess as to why this is happening.
b) I had two different forms behave like this, the password reset form and a form provided by a custom module.
c) There is a search form on these pages, I am wondering if somehow this module is attaching to the wrong form on the page
d) It is likely that cache is involved in this somehow since it is necessary to clear the cache in order to restore functionality.

CommentFileSizeAuthor
#4 simple-recaptcha-duplicated-submit-html-ids-3128747-4.patch2.9 KBsandboxpl
#3 patches_simple_recaptcha-submit-correct-form.patch1.21 KBjoshmiller
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

alienzed created an issue. See original summary.

sandboxpl’s picture

sandboxpl
Primary language Polish
Location Poland 🇵🇱
CreditAttribution: sandboxpl at Dropsolid commented
Status: Active » Postponed (maintainer needs more info)

I can't see/find a way to reproduce this issue, can I get some more background information about you set up ? Or maybe we could try to write a test for that ?
How does custom form look like? What's the "Search results page" , which module is providing it ?

joshmiller’s picture

joshmiller
he/him
Primary language English
Location Indianapolis, Indiana, USA
CreditAttribution: joshmiller at Acro Commerce commented
Status: Postponed (maintainer needs more info) » Needs review
FileSize
patches_simple_recaptcha-submit-correct-form.patch1.21 KB

Yes! We didn't have this problem, but we did have a problem with session validation and errors. Turns out to be the same issue.

Here's a quick run-down:

Each part (block) on the page is cached separately, so when someone visits the homepage and that gets cached, Drupal also just pulls the search form from its cache for other pages instead of rendering it from scratch.

If rendering the whole page from scratch, Drupal uses unique IDs in every form. One's submit button has the id #edit-submit, another gets #edit-submit--2, the other #edit-submit--3. But due to the caching behavior with reusing existing blocks, we end up with:

  1. If you visit the homepage, which just has the search form, its button gets #edit-submit.
  2. When you visit the contact page, which has 2 forms that need to be rendered, the Sign Up and contact form, Drupal uses ids #edit-submit and #edit-submit--2. But the cached search form also ends up in the header with an id of #edit-submit too.

The simple_recaptcha module does something quirky. When you click the submit button it runs some javascript to get a token from the reCAPTCHA service, which is fine, but then it has to re-click the submit button, and it does it by looking up the button by ID again. Looking up by ID gives the first element with that ID, the search form's submit button.

We've found the attached patch fixes us up.

sandboxpl’s picture

sandboxpl
Primary language Polish
Location Poland 🇵🇱
CreditAttribution: sandboxpl at Dropsolid commented
Related issues: +#1852090: Cached forms can have duplicate HTML IDs, which disrupts accessible form labels
FileSize
simple-recaptcha-duplicated-submit-html-ids-3128747-4.patch2.9 KB

This seems to be an outcome of caching issues indeed, can be easily reproduced when following steps described in #1852090, or trying to reproduce logic of following patch.

Proposed solution can deal with the issue, but it can bubble with buttons and remove too much data attributes, also the jQuery code will still remain invalid and unreliable, as described in jQuery docs:

Each id value must be used only once within a document. If more than one element has been assigned the same ID, queries that use that ID will only select the first matched element in the DOM. This behavior should not be relied on, however; a document with more than one element using the same ID is invalid.

I'd like to propose a bit different approach, which will get rid of querying submit elements by ID attribute:

const $currentSubmit = $('#' + submitHtmlId);

and use a bit of data-* attributes and form IDs instead, those are unique even when caching gets into some troubles.

Please give a try to this patch which updates JS library for both reCAPTCHA types :_)

sandboxpl’s picture

sandboxpl
Primary language Polish
Location Poland 🇵🇱
CreditAttribution: sandboxpl at Dropsolid commented
Version: 8.x-1.0-alpha10 » 8.x-1.x-dev
fmfpereira’s picture

fmfpereira CreditAttribution: fmfpereira at Dropsolid commented
Status: Needs review » Reviewed & tested by the community

Looks good to me: both v2 and v3 versions only trigger the protected form submit button.

  • sandboxpl committed 9be6fd8 on 8.x-1.x 
    Issue #3128747 by sandboxpl, joshmiller: Submitted custom form lands on...
sandboxpl’s picture

sandboxpl
Primary language Polish
Location Poland 🇵🇱
CreditAttribution: sandboxpl at Dropsolid commented
Status: Reviewed & tested by the community » Fixed

This is now committed to dev branch , new release will follow soon,
thanks every1 !

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.