CAPTCHA and CSRF bugs

#21300 (In Topic #5643)

PDStig said


(side note: this security graphic is getting old)

What security graphic? Are you talking about the 11 beta8 banner?

Sorry, I meant the CAPTCHA image. Even just trying to preview my post I was forced to enter the letters. I know you're trying to keep out spam, but still, it's getting old. My previous post failed me on 3 different attempts.

A side note: trying to post this I got an error when hitting the "Post reply" button:
An internal error occurred (GUID 3f7ca43034b75563aa34c01a4d0411fb). This is usually a software bug and should be reported.

#21305

sholzy said

PDStig said


(side note: this security graphic is getting old)

What security graphic? Are you talking about the 11 beta8 banner?

Sorry, I meant the CAPTCHA image. Even just trying to preview my post I was forced to enter the letters. I know you're trying to keep out spam, but still, it's getting old. My previous post failed me on 3 different attempts.

A side note: trying to post this I got an error when hitting the "Post reply" button:
An internal error occurred (GUID 3f7ca43034b75563aa34c01a4d0411fb). This is usually a software bug and should be reported.

Hmm, that's a bug. Please add to the tracker if you can (add as a software bug, not a homesite bug, because it's likely in the software).

I looked into the composr.app settings. The CAPTCHA was supposed to stop after 2 posts and 7 days. Even though the post count is also broken (I believe that is already on the tracker), it registers as 4 posts for you; therefore, you should not be getting CAPTCHAs.

The error is EVIL_POSTED_FORM_EXPIRED_TOKEN_HACK. You tried to submit a form with an expired CSRF token (this is separate from CAPTCHA and is a random hidden string attached to every form). Do you recall how long it has been between when you loaded the form and when you submitted it?

#21331
Sorry for the late reply. It was only a few minutes - less than 5, but if I remember correctly, I had to go through a few CAPTCHAs before I was able to submit.

#21333


Noted. I haven't directly fixed the CAPTCHA issue yet. But please let me know if you encounter any more CSRF token issues. I noticed a big problem where some data like the token was being cached in the JavaScript across multiple members.

I think this only affected composr.app and not any sites running v11 releases (unless they were running from Git). But I could be wrong.

#21334

PDStig said



Noted. I haven't directly fixed the CAPTCHA issue yet. But please let me know if you encounter any more CSRF token issues. I noticed a big problem where some data like the token was being cached in the JavaScript across multiple members.

I think this only affected composr.app and not any sites running v11 releases (unless they were running from Git). But I could be wrong.

I only mentioned the multiple CAPTCHA attempts not knowing whether or not it may have had something to do with the CSRF token issue.

Trying to post this I got another one:
An internal error occurred (GUID 3f7ca43034b75563aa34c01a4d0411fb)

Entered CAPTCHA to preview, then tried to post and got the error. I was able to come back and add to this post before trying to post it again.

#21335
Lovely. That's the same CSRF error. Therefore, my previous fixes did not do any good.

Please add that to the tracker if you can (if not, please let me know). I'm not able to deal with it right away; I have someone funding me to finish beta9, but I must prioritize issues that may affect specifically the client; everything else is getting deferred to a later release. So I'll need everything on the tracker.

Regarding CAPTCHA… is it too hard for you to solve? Have you tried clicking the image to make it bigger? What about the audio version? I made changes to it not too long ago to make it harder for AI to detect. But I may have made it too hard. It would be good to know your thoughts.

#21339
I don't think I've noticed any difference in the CAPTCHA between now and 6-8 weeks ago.

Once in a while one of the characters has enough static around it to make it look like another character. I have enlarged it before, but it just looks like pixelated static. The few times I've tried the audio version it was sometimes difficult to understand.

#21340
It was a few months ago when I made the change.

Noted. I'll see what I can do. I can probably reduce the audio noise and increase letter spacing a little. I'll have to make sure AI generally still does not understand it.

#21356
Guess what!?!
An internal error occurred (GUID 3f7ca43034b75563aa34c01a4d0411fb).

Refreshing the page got me the same error as before.

I'm only posting this here since this thread already had the error posted. Maybe splitting these error posts off to its own topic might be good?

On a good note… The CAPTCHA is gone!   :thumbs:

#21360
I'm at a loss / I've spent too much time on this bug for what it's worth in my current financial state.

If anyone else is experiencing the same bug, then please let me know.

What device, operating system, and browser are you using? Have you cleared your browser cache recently? Maybe my fixes to the templates on composr.app did not go through to you (???).

I'm pretty sure the CAPTCHA bug still exists. I'm going to look into it a bit later, after I wrap up some code refactoring that I am doing.

Also, I've never split posts into a new topic before. I didn't even know we coded that feature, much less it actually worked in v11. The more you know, LOL.

#21362
I use Linux on my desktop. Chrome (ver 143.0.7499.40) is the only browser I've been using to access the forum. I don't use a tablet or a cell phone to access the forum. I usually clear the cache every few days. Most recently, the cache was cleared at least 3 times in the week before making that previous post. I can't remember if I had cleared it the same day or the day before.

This post I'm using Firefox (ver 140.5.0esr) to see if the error shows up. I'll use Firefox to access the forum a few times. I've cleared the cache on Firefox before logging into the forum.

In my previous post, the error happened after I refreshed the forum home page. I usually open new posts in its own tab and when I'm done reading and have closed out my open tabs, I'll refresh the forum home page to see if I missed any new posts. I remember some new forum posts that I read still showed as new when I refreshed the forum home page. I'll try to repeat my steps above in both Firefox and Chrome.

And, if I remember correctly, every time I've gotten the error is when I've had to refresh the page, or sometimes when previewing a post, or when I've used the back button to try to get back to my post after the CAPTCHA gave me problems.

As early as V8 I've split posts from topics on many occasions when the topic goes off topic.

(I've tried to take my time writing this post to see if that makes a difference. About 30 minutes.   ;) )

#21363
Okay, thank you. That gives me some useful information. It sounds like the CSRF tokens are not properly refreshing when you refresh the page. It's possible that Composr is trying to cache the token when it should not be doing so.

I think I have a tracker issue where I want to integrate the change detection system in Conversr. Right now, it is only integrated for support tickets. Essentially, it is an AJAX script that runs every few seconds and notifies you when new content is detected (without you having to refresh the page). I've been wanting to implement this feature in more locations, especially the forums.
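
A minimal model of the failure discussed in this thread, as an added example (not Composr's code and not part of any post): a session-bound, expiring CSRF token, and a form renderer that either mints a token on every page load or reuses one cached copy for everyone. The token format, `TOKEN_TTL`, the session names and the timestamps are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # signing key, constructed for this demo
TOKEN_TTL = 3600                  # seconds; assumed lifetime, not Composr's setting


def _mac(session_id: str, issued: int, nonce: str) -> str:
    msg = f"{session_id}|{issued}|{nonce}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, now: int) -> str:
    """Mint 'issued.nonce.mac', bound to one session."""
    nonce = secrets.token_hex(8)
    return f"{now}.{nonce}.{_mac(session_id, now, nonce)}"


def check_token(token: str, session_id: str, now: int) -> str:
    """Return 'ok', 'malformed', 'wrong_session' or 'expired'."""
    try:
        issued_s, nonce, mac = token.split(".")
        issued = int(issued_s)
    except ValueError:
        return "malformed"
    expected = _mac(session_id, issued, nonce)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "wrong_session"  # forged, or minted for another member
    if now - issued > TOKEN_TTL:
        return "expired"
    return "ok"


def simulate(shared_cache: bool) -> tuple:
    """Render the reply form three times; shared_cache=True models the bug."""
    cache = []
    def render(session_id: str, now: int) -> str:
        if not shared_cache:
            return issue_token(session_id, now)  # fresh on every page load
        if not cache:
            cache.append(issue_token(session_id, now))
        return cache[0]  # the same token is handed to every member
    t0 = 1_700_000_000  # constructed timestamp
    a = render("sess-alice", t0)
    b = render("sess-bob", t0 + 60)
    late = render("sess-alice", t0 + TOKEN_TTL + 120)  # page refreshed later
    return (check_token(a, "sess-alice", t0 + 30),
            check_token(b, "sess-bob", t0 + 90),
            check_token(late, "sess-alice", t0 + TOKEN_TTL + 150))
```

`simulate(True)` returns `('ok', 'wrong_session', 'expired')`: the second member and the later refresh both receive a token that cannot validate, even though each form was submitted within a minute of being loaded. `simulate(False)` returns `'ok'` three times.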

#21364
This post is using Chrome. Looking at my history, I know I cleared my Chrome cache on Wednesday PM and my post was on Friday. So my error came after clearing the cache, unless you made the change between me clearing the cache and my post.

In Chrome just prior to this post, I tried repeating my opening new tabs, then closing those tabs, and refreshing the forum home page afterwards. No error. Previewing my post, or switching to the full editor gave no error. If I get the error when submitting this post, I'll update this post - no update, no error.
