New route for spammers

[tttp]

So obviously, the widget is using the graphql ajax way, but I still need an url for the form, that will never be used, but for possibly spammers.

What about having a /noop route that wait random (5..30 seconds) and return a "you need to enable javascript"?

It would make it easier to test as well for slow server (I need to improve the UI there)

(very low priority)

[dichter]

I have assumed that the form URL would be used to directly open the collection form.
So here is a legitimate use, that is not for spammers: one could link to the form from a button in a Facebook Page and call it "sign now" - the action button top right on a Facebook page can be freely configured to show somewhere. Alternatively one probably make a Facebook app containing the widget form - and it also would just display the webpage and not using the graphql API.

[tttp]

I'm not sure I understand your example

Anyway, we do need to have the frontend working with the backend, for instance for the captcha, so the frontend talking graphql is fine IMO

Could you open another issue about Facebook?