-
Notifications
You must be signed in to change notification settings - Fork 310
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Recaptcha validator does not use field data #370
Labels
Comments
Workaround: from flask_wtf.recaptcha import Recaptcha
def validate_recaptcha(form, field):
"""Validate recaptcha response."""
# Recaptcha validator only looks for data in a hard-coded field name
# https://github.com/lepture/flask-wtf/issues/370
request.json["g-recaptcha-response"] = field.data
return Recaptcha()(form, field) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Recaptcha validator grabs a specific field by name instead of using
field.data
(link to line below). This means that an HTML form must send the recaptcha value asg-recaptcha-response
or the validator fails. Our frontend is a react app that does not use wtforms to generate the HTML. And uses the actual form field names inside POST data.https://github.com/lepture/flask-wtf/blob/master/flask_wtf/recaptcha/validators.py#L40
If the form data is passed as
{... "recaptcha": "recaptcha_response_value"}
, the validator fails even though it has the data in the passedfield
instance.Our REST api and frontend rely on field names matching. Is there a workaround for this?
The text was updated successfully, but these errors were encountered: