First, regarding the recaptchas, you won’t be able to using multiple recaptchas on the same page. That’s a known issue. Regarding the ‘action’ attribute, this attribute is not something you can dynamically change. This is set at build time so that is the reason your initial problem occurred.
That said, do you have multiple instances of the ‘contact’ form? Did you change all the instances of that form named ‘contact’ or just one instance of it? Our buildbot will look for all html forms and if it finds multiple forms with the same name, it only retains the for that was last parsed.
Let me know if that helps point you in the right direction.
1 - No you didn’t get the problem : I have NO MORE action in the form, but it STILL BEHAVE as if action is still there. This is “attached” to the form name used.
2 -But more important is that the problem, is still present without workaround on one of my other site ( georgieff-osteo).
I get Bad Request, malformed URI: https://www.georgieff-osteo.fr/informations/ even if I have no action in the form
This site has just one form. And it shows the bug, even if i already removed the action part.
I tried changing form name for contact2, contact3, contact4 but still buggy.
This is important because I have NO workaround for this site.
3 - For the other sites, just renaming the form name was enough as a workaround.
4 - And it is a simple form use by hugo, no javascript or whaterver. Just plain HTML.
It is obvious this a bug related to the fact that “some time before” I had an action on the form.
My recaptcha was not showing either.
So I discovered that it was because the site header “Content-Security-Policy” was not set for gstatic.com.
So the recaptcha was not showing because the recaptcha script was blocked because of this Content-Security-Policy.
This is not really normal as a behaviour for the form.
PS : the original bug described here is still present (and i have no Content-Security-Policy for those sites).
1 - the recaptcha will not be processed
2 - the form will fail with a Bad Request, malformed URI: https://www.georgieff-osteo.fr/informations/even if the recaptcha was correctly responded.
In case it helps for confirming/or not this problem, this is the HTTP chalenge when the form is sent
I’m not sure you are talking about the same issue anymore. If it’s a different issue, would you be ok in creating a new post for that issue just so we don’t lose site of the original issue?
That said, I believe the issue with the action getting ‘stuck’ even when it is no longer in your code is a bug. A workaround would be to change your form’s name attribute. This will trigger our system to create a completely new form definition for the form without the action attribute. I’ll get an issue filed on our end regarding the stuck ‘action’ attribute.
With regards to your other issue, we won’t hold your hands as far as setting up custom headers using a _headers file. There is no validation across features so you will need to know the consequences of the custom headers that you add to your site. That said, I remember that you included the domain that the recaptcha uses (gstatic.com) to your CSP headers to avoid the issue you mentioned. If that doesn’t work for you, please do start a new post for the issue to avoid confusion.
So, it looks like a fix has been deployed to make sure that the ‘action’ attribute gets updated. Let me know if you still run into this issue. Thanks for your patience!