Skip to content

enable recaptcha v2 to work with stripe.

jamie requested to merge jamie/formprotection:stripe-with-v2 into main

This seems to work, but I'm not sure it's the best solution.

For the record, I don't care that much about recaptcha v2, but I'd like to add support for h-captcha which I think will run into the same problems, so I'm trying to solve them first with Google.

As far as I can tell, there are two problems with using recaptcha v2 and Stripe:

  1. Stripe reloads the recaptcha when you submit to avoid the replay problem. With recaptcha v2, that seems to invalidate the answer the user just provided and in any event doesn't give the user the chance to enter a new answer.
  2. The backend will try to validate the same recaptcha token twice - and since replays are not allowed, the second one fails.

This approach stops reloading recaptcha v2 and also inhibits the second test.

@mattwire - curious to get your thoughts?

Merge request reports