Hi Gabriel,

I've got it working - partially.

I needed to convert my form to full AJAX.

I also finally did a proper translation of the French comments and realized that I needed to add the this to the AjaxSubmitLink button that submits the form:

            protected void updateAjaxAttributes (final AjaxRequestAttributes paramAttributes)
                super.updateAjaxAttributes (paramAttributes);
                AjaxRecaptchaV3Validator.addExtraParameters (paramAttributes);

That part is pretty cool because it avoids the alternatives like having to create a hidden field in the form.

The AjaxRecaptchaV3Validator instance must also be added to the form (which I did) but maybe that could also be added to the comments in case some people miss that.

I thought of an issue: I read somewhere that the token that is returned after the initial request, after the page loads, is only valid for 2 minutes. However, the validator only uses the token when the form is submitted - which could be > 2 minutes if the user takes their time to fill out the form.

Google doc says:

"Send the token immediately to your backend with the request toverify <https://developers.google.com/recaptcha/docs/verify/>."

which implies that as soon as the page is loaded, when the grecaptcha.execute function, then the request to verify should take place immediately.

So if this is correct, we need extra JS executed after it gets the response from grecaptcha.execute to immediately send a verify request to the backend, completely asynchronous and independent of the form submission and this verify request should contain the token received from grecaptcha.execute.

I'm thinking about options for how this would take place - maybe a request to a particular URL that is 'waiting' for such a request and stores the token value in the session object for later use during form validation.

Google's V3 ReCaptcha is intended to work completely independently of the form submission phase. The bot detection works without needing any form submission but the form validation that occurs lately will use the 'score' returned by the earlier call to ReCaptcha's verify process.

On 29/01/2020 8:53 am, Gabriel Landon wrote:
Hi Chrisco,

It's far from perfect, but here's a good start :



Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html

To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to