So, if you’re using the test keys, I imagine you wouldn’t get a “success” response of any kind since the keys for “unsuccessful” responses (to simulate a failed browser challenge or whatever). I don’t know what keys the original poster used in the other PHP thread. Maybe you could post your question in that thread, if it’s not closed.
Also, do you need to “roll your own” solution here or can you use an existing Wordpress plugin?
Yes, he’s talking about his logic to control how the widget works on his page. He’s now getting the response in $_POST, where he expected. If you look through all of the discussion, you’ll find the solution that worked (i.e. caused the response token to appear in $_POST).
Yes, I am sorry if I have written the wrong impression about my problem. I did get the response in $_POST also, however, similar to his reply, I want to make sure the data is sent IF the CF server-verify comes back with OK or success for interactive challenge case.
Gotcha. So, the response token you’re getting via $_POST is what you need to send to the siteverify endpoint on the back-end. The fact you have a response in $_POST means the browser-side challenge worked. So, I think you’re flow would be:
Load the page such that Turnstile runs the browser challenges
When the user clicks “submit”, the form data is in $_POST, along with the response from the browser challenges
Get the response token in $_POST and send it to the siteverify endpoint for verification
If the call to siteverify works, meaning siteverify verifies the response token you sent, it’s ok to process your form data
If the call to siteverify fails, you can return to the browser the completed form with some kind of error message instructing the visitor to submit the form again or something. The Turnstile widget, itself, won’t prevent the submission of the form.