Applying Captcha to CRM Generated Form

I have added a form to my site that is generated from my CRM I would like to have the captcha added to it. My site is currently configured with CloudFlare Captcha and it working properly on the Concrete Forms. How do I get the functionality of the Captcha working with my CRMS’s form that is in an HTML block


If it’s an HTML block, are you pulling in the form with something like an iframe or script?

If that’s the case, you’ll need to investigate enabling a CAPTCHA with whatever form you are pulling in.

If you’ve put a raw HTML form in the block that POSTs somewhere - that’s not going to be possible. You will need to build some sort of custom form block, where you programatically add the captcha output, and then test for it on submit.

You may need to provide more details on how you are doing this here.

@mesuva I have used an HTML block and put the HTML Form from the CRM into it.

I have further added the following:

Add script to “page settings” → SEO → header Extra Content
with in a script tag
src=“” async defer>

Add the following above

within a div tag
div class=“cf-turnstile” data-sitekey=“{site key>}” data-theme=“light”>

The CloudFlare block pops up with the check box but it doesn’t protect the form. Seems I am missing something that ties it to the form - It really shouldn’t be too complicated as the code has been installed via the addon.

That’s not quite how CAPTCHAs work.

  • a form displays a captcha and processes whether someone is a robot or not
  • when the form is submitted, a ‘token’ (really just a bit of text) from the captcha is also submitted along with the form’s values
  • on the server side, the token is received and then checked. Depending on the type of captcha it can be checked in different ways.

For Cloudflare Turnstile, that token is send to Cloudflare, and that then comes back and say whether it passed or not.

  • then if it passes, the form is processed on the server. If it fails, that’s where you block the form from submitting.

So it’s not just about adding a script, you have to do some server side checking as well.

If you CRM is some external system, then it’s there that the captcha checking needs to take place.

Found the solution, it was indeed implemented on the CRM .

1 Like