npm ERR! Found: [email protected]
npm ERR! node_modules/react
npm ERR!   react@"18.2.0" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"^16.0.0" from @mcaptcha/[email protected]
npm ERR! node_modules/@mcaptcha/react-glue
npm ERR!   @mcaptcha/react-glue@"^0.1.0-rc2" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.

Issue Description:
Upstream Dependency Conflict using nextjs and @mcaptcha/react-glue

Problem:
When attempting to install @mcaptcha/react-glue for Nextjs project without (legacy-peer-deps or force), an upstream dependency conflict is encountered.

Version:
next - "13.4.0",
react - "18.2.0",
react-dom - "18.2.0",
@mcaptcha/react-glue - "^0.1.0-rc2"

Steps to Reproduce:

1. Create or navigate to a project that utilizes React version 18.2.0.
2. Attempt to install "@mcaptcha/react-glue" version "^0.1.0-rc2" within this project using a package manager (e.g., npm or yarn).
3. Observe installation errors or warnings regarding upstream dependency conflicts.

When adding the widget with

<script src="/static/js/mcaptcha.js"></script>
<script charset="utf-8">
  let config = {
    widgetLink: new URL(
        "https://mymcaptcha.tld/widget/?sitekey=b1JVrsLSQG6cM8cOPa"
    ),
  };
  new mcaptchaGlue.default(config);
</script>

And adding this to my form:

<div id="mcaptcha__widget-container"></div>

I end up with a whole <html><head><body>.... inside my form.... Is there something I'm not doing right? Or is this the intended behaviour?

It would be great if the captcha check could be automatically started with a JavaScript trigger. I haven't found a way to do that (or at least I'm not aware of one).

Background: If I use the captcha for a contact form it can automatically be solved once the user enters the text in a text field so he doesn't need to click on it and wait for it before sending the contact formular.

Solutions like FriendlyCaptcha have this feature.

Get mCaptcha configuration from data-* instead for initializing the mCaptcha obj in client code.

I'm the maintainer of Crowdsec-bouncer-traefik-plugin and some folks ask me to implement mCaptcha provider here.

The front end page to protect user with our plugin, is build like this for every Captcha Provider:

<head>
...
   <script src="{{ .FrontendJS }}" async defer></script>
...
</head>
<body>
...
   <div id="captcha" class="{{ .FrontendKey }}" data-sitekey="{{ .SiteKey }}" data-callback="captchaCallback">
...
   
  <script>
    function captchaCallback() {
      setTimeout(() => document.querySelector('#captcha-form').submit(), 500);
    }
  </script>
</body>

Is it possible to support this kind of setup with mCaptcha ? It would be super efficient if someone want to change from other provider to mCaptcha.

PS: Excellent project, good initiative to build some complete open source Captcha lib !

Trying to upgrade @mcaptcha/vanilla-glue from 0.1.0-alpha-3 to 0.1.0-rc1, I'm faced with this error:

Error: Couldn't find "mcaptcha_url" dataset in elmement (ID=mcaptcha__token-label)

Is there a changelog or migration guide available?

Also note the typo elmement in the error message.

Issue description
There should be an option to reset the mCaptcha from the codebase.

Problem
Within our project, we have integrated mCaptcha as a security measure before submitting forms. However, upon form submission, while all input values reset successfully using the useState hook, the mCaptcha checkbox remains checked. This issue arises because the mCaptcha checkbox resides within an iframe, and due to security restrictions, we cannot directly manipulate its state from our codebase, especially considering it has a different origin.

Version:
next - "13.4.0",
react - "18.2.0",
react-dom - "18.2.0",
@mcaptcha/react-glue - "0.1.0-rc3"

Expected Behaviour:
The mCaptcha should be resettable from the codebase.

The core library relies on the message event to (it seems) exchange the token from the worker to the application.

But when having another application/library running (i.e. Angular dev tools) that uses the postMessage/message ecessivly, this leads to many errors in the log.

The related code seems to be this:

Maybe the library should send some sort of identification in the message? I.e: { type: 'mcaptcha', token: xxx }, so the code can check for the type and ignore any other messages?

Propagate #12 to other framework libs