Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • F Form Protection
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
  • Issues 13
    • Issues 13
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 3
    • Merge requests 3
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Extensions
  • Form Protection
  • Merge requests
  • !8

enable recaptcha v2 to work with stripe.

  • Review changes

  • Download
  • Email patches
  • Plain diff
Merged jamie requested to merge jamie/formprotection:stripe-with-v2 into main Dec 13, 2022
  • Overview 3
  • Commits 1
  • Pipelines 0
  • Changes 1

This seems to work, but I'm not sure it's the best solution.

For the record, I don't care that much about recaptcha v2, but I'd like to add support for h-captcha which I think will run into the same problems, so I'm trying to solve them first with Google.

As far as I can tell, there are two problems with using recaptcha v2 and Stripe:

  1. Stripe reloads the recaptcha when you submit to avoid the replay problem. With recaptcha v2, that seems to invalidate the answer the user just provided and in any event doesn't give the user the chance to enter a new answer.
  2. The backend will try to validate the same recaptcha token twice - and since replays are not allowed, the second one fails.

This approach stops reloading recaptcha v2 and also inhibits the second test.

@mattwire - curious to get your thoughts?

Assignee
Assign to
Reviewers
Request review from
Time tracking
Source branch: stripe-with-v2