Changes to CAPTCHA implementation on Storefronts
Themes
Effective July 24, 2024
Action required
We are rolling out changes to CAPTCHA on the following forms on Storefronts:
- Customer Login
- Customer Account Creation
- Reset Password
- Contact Form
- Newsletter Signup
- Blog Comments
The changes include:
1. Migration from Google reCAPTCHA to hCaptcha
We are migrating our CAPTCHA solution to hCaptcha as part of an ongoing effort to reduce form spam. This is an ongoing, phased, rollout, and does not affect our published methods for you to work with CAPTCHA.
2. Alternative methods to bind CAPTCHA to forms
You can now force CAPTCHA wireup to Storefront forms using either declarative markup or JavaScript. This is primarily intended for App/Theme developers who wish to take control of Form submission, for example by constructing hidden forms that POST to Shopify. See the documentation for further information and examples.
3. Strict CAPTCHA validation on form submissions
Previously, forms submitted from Storefronts that contained an invalid or missing CAPTCHA token would redirect to /challenge for the user to solve an interactive CAPTCHA. Such form submissions will now cause a 400 error. Theme and App authors who submit forms to Shopify are strongly encouraged to ensure that their forms work with CAPTCHA enabled, by submitting a valid CAPTCHA without relying on the redirect to /challenge