Problem/Motivation
When the captcha contrib module is enabled webform automatically enabled the captcha webform element. It's currently exposed like any other element, but with no specific additional fields.
The most common captcha providers all do their validation using the "current request", e.g. for turnstile \Drupal::request()->get('cf-turnstile-response'). Right now, this would always fail, because the submit resolver (unlike WebformForm.php) does not create a "fake request" for the submission - these contrib validations would all fall back to the main GraphQL request.
Proposed resolution
Introduce the same mechanism in WebformSubmit.php to craft a "subrequest" for the submission. Introduce a new argument on submitWebform, similar to prepopulate, but typed properly (same as WebformSubmissionElement). This keeps elements + "arbitrary POST params" separate. These key => value paris would then be passed along the "sub request".
The benefit of this approach is that it's 100% generic. Not just for captchas, but for anything else that might rely on query params / request body during validation.
There should be no captcha specific code in the module except for minimal support (adding additional fields to WebformElementCaptcha when the element is available).
Issue fork graphql_webform-3607135
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #3
pfrenssenComment #4
pfrenssenThanks, looking good, made a few fixes.
Comment #6
pfrenssen