Posted by sun on
Discovered while testing
- The URL of a CAPTCHA is no longer known after submitting the form. (only the ID is)
- Thus, a new CAPTCHA has to be created/retrieved, in order to get a CAPTCHA URL.
- Make the backend also return the
'url'of a CAPTCHA when verifying the solution.
- That way, the URL can be output again if the CAPTCHA was not solved.
Patch contains the originally proposed changes for "tracking" the CAPTCHA URL locally through a server-client-server round-trip, but which isn't secure.