Shopify.devDocs
Log inSign up

Shopify uses cookies to provide necessary site functionality and improve your experience. By using our website, you agree to our privacy policy and our cookie policy.

Back to Developer changelog
Action RequiredThemes

Changes to CAPTCHA implementation on Storefronts

We are rolling out changes to CAPTCHA on the following forms on Storefronts:

  • Customer Login
  • Customer Account Creation
  • Reset Password
  • Contact Form
  • Newsletter Signup
  • Blog Comments

The changes include:

1. Migration from Google reCAPTCHA to hCaptcha

We are migrating our CAPTCHA solution to hCaptcha as part of an ongoing effort to reduce form spam. This is an ongoing, phased, rollout, and does not affect our published methods for you to work with CAPTCHA.

2. Alternative methods to bind CAPTCHA to forms

You can now force CAPTCHA wireup to Storefront forms using either declarative markup or JavaScript. This is primarily intended for App/Theme developers who wish to take control of Form submission, for example by constructing hidden forms that POST to Shopify. See the documentation for further information and examples.

3. Strict CAPTCHA validation on form submissions

Previously, forms submitted from Storefronts that contained an invalid or missing CAPTCHA token would redirect to /challenge for the user to solve an interactive CAPTCHA. Such form submissions will now cause a 400 error. Theme and App authors who submit forms to Shopify are strongly encouraged to ensure that their forms work with CAPTCHA enabled, by submitting a valid CAPTCHA without relying on the redirect to /challenge

Was this section helpful?