What I am trying to accomplish is still this question, but I realized that my issue is not specific to reCAPTCHA but applies to any token/code/string generated by JavaScript that I would use to authorize/validate some user.
So let's take a situation where I generate a token with JavaScript (by any means, not necessarily reCAPTCHA v3).
How should I handle this token?
a) Is it possible to generate this token before any page rendering, validate it in the backend and allow or deny the user to view the page? If it is, I don't know how. Maybe using middleware, but then JavaScript would not load.
b) If a) is not possible, what if I generate the token after page load, send it to the backend using Ajax and validate it? What should I do after I validate it?
Ajax expects a response; after backend validation I could return a result to Ajax. But that would mean I will handle the allow/deny of the user in the front end, and if JavaScript is disabled that would defeat the purpose of authorization.
c) Should I generate the token after the page load, validate it, send it with the next page request and allow or deny the user (on the next page) only if the token is present? Meaning that I would not take action on the present page but on the next. But I don't know how to do this.
The main question here is how to take action securely, for or against a user, based on a JavaScript-generated token.
I am using Laravel, but this is not a Laravel-specific question. But any information would be helpful.
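
An added example, not part of the original post, sketching option (c) with the allow/deny decision kept on the server: the Ajax endpoint validates the token and issues a signed, expiring pass bound to the session, and middleware on protected pages checks that pass on the next request. `SECRET`, `TTL`, `demo_verify`, `issue_pass` and `gate` are hypothetical names, and `demo_verify` is a constructed stand-in for the real server-side token check.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: secret known only to the server
TTL = 300                         # assumption: pass lifetime in seconds

def demo_verify(js_token):
    # Constructed stand-in for the real server-side token check
    # (e.g. the backend asking the token's issuer whether it is valid).
    return js_token == "good-token"

def _sign(session_id, expires):
    msg = f"{session_id}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_pass(session_id, js_token, verify=demo_verify, now=None):
    """Ajax endpoint: validate the token, return a cookie value or None."""
    now = int(time.time()) if now is None else now
    if not verify(js_token):
        return None
    expires = now + TTL
    return f"{expires}.{_sign(session_id, expires)}"

def gate(session_id, cookie, now=None):
    """Middleware on protected pages: HTTP status decided on the server."""
    now = int(time.time()) if now is None else now
    try:
        expires_text, sig = cookie.split(".", 1)
        expires = int(expires_text)
    except (AttributeError, ValueError):
        return 403  # no pass or malformed: JS disabled or check skipped
    expected = _sign(session_id, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return 403  # forged, edited, or issued for another session
    if expires < now:
        return 403  # pass expired, client must be validated again
    return 200

if __name__ == "__main__":
    cookie = issue_pass("sess-1", "good-token")
    print(gate("sess-1", cookie), gate("sess-1", None))
```

A client with JavaScript disabled never obtains a pass, so the middleware denies it by default instead of relying on front-end code to enforce the result.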