- πΊπΈUnited States mlncn Minneapolis, MN, USA
Agree this is major. At the very least we need to document that CDNs must be disabled on CAPTCHA pages.
- π©πͺGermany Anybody Porta Westfalica
Could lazy builders help?
https://www.drupal.org/docs/drupal-apis/render-api/auto-placeholdering β
https://drupalsun.com/philipnorton42/2022/05/01/drupal-9-using-lazy-buil...
https://www.hashbangcode.com/article/drupal-10-using-lazy-builder-create...I'd really be happy, if someone with huge Drupal knowledge could have a look at this for feedback - as it surely affects a ton of Drupal installations regarding performance. My 16Y Drupal experience is sadly still not enough to be sure we go the right way here ... ;D Sorry.
- π©πͺGermany Anybody Porta Westfalica
@japerry any thoughts on this perhaps, as super experienced Drupal Dev? I think this would be super useful for many projects out there, having CTA forms on regular pages.
- πͺπΈSpain omarlopesino
I would like to help with this topic as I need to allow caching in a website with high traffic. As it has been suggested, we should find a way to do the validation through AJAX. The problem with the server-side validation is that the captcha session ID gets lost.
Does it make sense to generate the captcha session ID on the JS side through an AJAX request, and then send the captcha session ID as a form value in the submit? It would also require some validation in client side to check it is created by the system and not maliciously.
Please let me know your thoughts about this, I will investigate further and in the case I find a stable solution I would come up with a merge request.
- π©πͺGermany Anybody Porta Westfalica
- π©πͺGermany geek-merlin Freiburg, Germany
This is great stuff!
IIRC this is the core use case of "lazy builder" and "auto placeholdering".
- Implement the captcha in a lazybuilder and add caching information max-age=0
- Then auto-placeholdering kicks in, which
- allows the page cache to cache the page without the captcha
- if bigpipe is enabled, serves the page with a placeholder, and has it replaced via js- https://www.drupal.org/docs/drupal-apis/render-api/auto-placeholdering β
- https://www.droptica.com/blog/drupal-bigpipe-using-lazy-builders-2023/
- https://www.youtube.com/watch?v=SdcNXbEeymwOnly somebody(tm) has to code it.
- π©πͺGermany Anybody Porta Westfalica
Thanks @geek-merlin happy to have you on board here! π And nice to see you like the idea.
Maybe we(tm) can solve this together, puzzling our knowledge together.I'd really like to get this solved (plus some other important fixes in captcha). It's pain to see how many people use this module, but nobody really cares... ;) or at least pays :P
We're in a large project currently, but if you should find some time in the next months to tackle this with us, feel free to ping me or @Grevil.
- π©πͺGermany geek-merlin Freiburg, Germany
There are lots of good lazybuilder docs and articles, and examples like this. You should look how far this gets you and can pm me with an MR.