In order to use Invisible ReCaptcha I've install and configured this module. After enabling it on a custom form of mine, I noticed that anonymous users would be bounced to the search results page instead of the intended action page (self). Removing the form ID from Simple Recaptcha config and clearing cache allows the form to submit normally again. In fact, when initially enabled this works as intended, something seems to happen after some time that has the search page come up after submit.
Note that:
a) I can't reproduce this on demand, but maybe the developer might have a guess as to why this is happening.
b) I had two different forms behave like this, the password reset form and a form provided by a custom module.
c) There is a search form on these pages, I am wondering if somehow this module is attaching to the wrong form on the page
d) It is likely that cache is involved in this somehow since it is necessary to clear the cache in order to restore functionality.
Comment | File | Size | Author |
---|---|---|---|
#4 | simple-recaptcha-duplicated-submit-html-ids-3128747-4.patch | 2.9 KB | sandboxpl |
| |||
#3 | patches_simple_recaptcha-submit-correct-form.patch | 1.21 KB | joshmiller |
Comments
Comment #2
sandboxplI can't see/find a way to reproduce this issue, can I get some more background information about you set up ? Or maybe we could try to write a test for that ?
How does custom form look like? What's the "Search results page" , which module is providing it ?
Comment #3
joshmillerYes! We didn't have this problem, but we did have a problem with session validation and errors. Turns out to be the same issue.
Here's a quick run-down:
Each part (block) on the page is cached separately, so when someone visits the homepage and that gets cached, Drupal also just pulls the search form from its cache for other pages instead of rendering it from scratch.
If rendering the whole page from scratch, Drupal uses unique IDs in every form. One's submit button has the id #edit-submit, another gets #edit-submit--2, the other #edit-submit--3. But due to the caching behavior with reusing existing blocks, we end up with:
The simple_recaptcha module does something quirky. When you click the submit button it runs some javascript to get a token from the reCAPTCHA service, which is fine, but then it has to re-click the submit button, and it does it by looking up the button by ID again. Looking up by ID gives the first element with that ID, the search form's submit button.
We've found the attached patch fixes us up.
Comment #4
sandboxplThis seems to be an outcome of caching issues indeed, can be easily reproduced when following steps described in #1852090, or trying to reproduce logic of following patch.
Proposed solution can deal with the issue, but it can bubble with buttons and remove too much data attributes, also the jQuery code will still remain invalid and unreliable, as described in jQuery docs:
I'd like to propose a bit different approach, which will get rid of querying submit elements by ID attribute:
and use a bit of data-* attributes and form IDs instead, those are unique even when caching gets into some troubles.
Please give a try to this patch which updates JS library for both reCAPTCHA types :_)
Comment #5
sandboxplComment #6
fmfpereira CreditAttribution: fmfpereira at Dropsolid commentedLooks good to me: both v2 and v3 versions only trigger the protected form submit button.
Comment #8
sandboxplThis is now committed to dev branch , new release will follow soon,
thanks every1 !