- πΊπΈUnited States mlncn Minneapolis, MN, USA
Agree this is major. At the very least we need to document that CDNs must be disabled on CAPTCHA pages.
- π©πͺGermany Anybody Porta Westfalica
Could lazy builders help?
https://www.drupal.org/docs/drupal-apis/render-api/auto-placeholdering β
https://drupalsun.com/philipnorton42/2022/05/01/drupal-9-using-lazy-buil...
https://www.hashbangcode.com/article/drupal-10-using-lazy-builder-create...I'd really be happy, if someone with huge Drupal knowledge could have a look at this for feedback - as it surely affects a ton of Drupal installations regarding performance. My 16Y Drupal experience is sadly still not enough to be sure we go the right way here ... ;D Sorry.
- π©πͺGermany Anybody Porta Westfalica
@japerry any thoughts on this perhaps, as super experienced Drupal Dev? I think this would be super useful for many projects out there, having CTA forms on regular pages.
- πͺπΈSpain omarlopesino
I would like to help with this topic as I need to allow caching in a website with high traffic. As it has been suggested, we should find a way to do the validation through AJAX. The problem with the server-side validation is that the captcha session ID gets lost.
Does it make sense to generate the captcha session ID on the JS side through an AJAX request, and then send the captcha session ID as a form value in the submit? It would also require some validation in client side to check it is created by the system and not maliciously.
Please let me know your thoughts about this, I will investigate further and in the case I find a stable solution I would come up with a merge request.