A couple of (not at all rare!) situations where enabling Marketo’s built-in reCAPTCHA breaks forms completely
It’s nice that you can turn on reCAPTCHA v3 verification for Marketo forms with minimal hassle. But not so nice that your forms can silently fail due to (undocumented until now) incompatibility with a couple of common setups.
Situation #1: Known Visitor HTML (KV HTML)
If you’ve enabled KV HTML (“If Known Visitor, show Custom HTML”) and a visitor meets the requirements, the custom form will fail to submit.
Situation #2: Multiple forms
If you have multiple forms on the same page, only the last one to load will successfully submit. The others will fail to find the reCAPTCHA fingerprint field:
As you know from earlier posts (and from browser basics) the load order of forms isn’t the same as their DOM order. So your “footer form” doesn’t necessarily load last — depends on point-in-time network and server performance. Assume the forms load in random order, and only one lucky form will be submittable.
And #3 while we’re at it
There’s a 3rd setup — less familiar to MOPS folks, but perfectly reasonable — that also breaks: a published CSP policy that doesn’t allow unsafe-eval
.
Why Marketo decided to use JS eval
I can’t say. But one of my clients flagged this: they’d just rolled out built-in reCAPTCHA when they realized their staging site’s CSP was accidentally more permissive than their prod site and everything failed in prod.
Solution: Use custom JS
The solution is to flip back/over to my custom reCAPTCHA JS and follow the recorded implementation guide.