Widget 2.0 Contact Form: now with recaptcha!

We've added reCAPTCHA to the Contact tab for those of you using Widget 2.0. These changes might impact you if you have the Contact Form enabled and are using Widget 2.0. See below for more details.

For customers using Modern Widget or the Legacy Widget, these changes should not impact your widgets in any way. If you do notice anything unusual with your widget contact form, please contact us immediately!

Who's affected?

This change affects you if:

  • You have the Contact Form enabled in your knowledge base.
  • You are using the Contextual Help Widget (2.0).
  • You have selected the Contact Form option to Require ReCaptcha "I'm not a robot" validation to submit a ticket
    Relevant Knowledge Base > Contact Form settings

The impacts are a little different depending on whether you're using a KnowledgeOwl subdomain or have set up a private domain for your knowledge base, as outlined more below.

TL;DR summary of things below: if you're using a KO subdomain, you don't need to do anything; if you're using a private domain, you'll want to add a V3 reCAPTCHA key!

What's new?

Widget 2.0's Contact tab is now aware of the reCAPTCHA setting in Knowledge Base > Contact Form, so you can enforce reCAPTCHA on your widget contact form to prevent spam submissions there, just as you would in the full contact form. reCAPTCHA is a free service from Google designed to verify that someone interacting with your site is a real person and not a bot. A "CAPTCHA" is a simple test--usually a task that is very easy for a human to perform, but hard for bots and other malicious software to figure out.

This way, no matter where your widget is embedded, you can apply the same reCAPTCHA protections to the Contact tab that you might use in the knowledge base Contact Form itself.

We've seen an increase in these kinds of spam tickets on our public widget and wanted to be sure using Widget 2.0 wasn't causing your support team any extra spam tickets, either!

For the Widget Contact tab, we're using reCAPTCHA V3, which is a silent/invisible reCAPTCHA--no boxes to check or fire hydrants to find. reCAPTCHA calculates a score behind-the-scenes to determine if your end-user is a bot or a human. Widget end-users who fail the invisible V3 will not be able to submit the Contact tab.

The only obvious change to the widget end-user experience is a required statement in the contact tab, just below the submit button:

Sample reCAPTCHA statement

This statement is not editable/removable and will appear automatically. (This is part of Google's reCAPTCHA terms of service, and we felt the statement was better than forcing a reCAPTCHA icon to appear over your website, for example.)

You can see this footer statement now by opening the widget in the KnowledgeOwl app (click Help in the upper right)--or click Contact Support in our support documentation--and viewing the Contact tab. 😉

Customers with KnowledgeOwl subdomains

As with other reCAPTCHA settings, if you are using a KnowledgeOwl subdomain (like mykb.knowledgeowl.com), you do not need to make any changes.

We will automatically apply reCAPTCHA to your Widget 2.0 Contact tab whenever the Require ReCaptcha "I'm not a robot" validation to submit a ticket box is checked in Knowledge Base > Contact Form.

If you have these settings selected, you should now see the reCAPTCHA statement in the screenshot above in your widget's Contact tab.

Customers with private domains

If you are using the above settings with your own domain (like help.owlsareawesome.com), you will need to add your own V3 reCAPTCHA key and secret to leverage this feature.

You'll see the V3 reCAPTCHA settings just below the existing V2 reCAPTCHA settings in Settings > Basic, and you can follow the same process for adding a V3 reCAPTCHA as outlined in Add reCAPTCHA. (Updated documentation coming soon!)

reCAPTCHA V3 section in Settings > Basic if you are using a private domain

If the Contact Form is set to require reCAPTCHA and you have not yet entered a V3 reCAPTCHA key, don't worry! Your widget Contact tab will still work. In this state, you just won't see the reCAPTCHA statement in the footer (and you'll have no reCAPTCHA protections). We wanted to be sure this wouldn't be a breaking change for you.

Once you add a V3 reCAPTCHA key and secret, the footer statement will appear in your Widget Contact tab and contact form submissions through the tab will be under that reCAPTCHA's protection.

The only other issue widget end-users might see is if you have entered an invalid V3 reCAPTCHA key/secret. If this happens, once your end-users click the Contact tab submit button, we throw an error message above the submit button and don't allow them to submit:

To summarize, if you're using a private domain and you have the Contact Form enabled:

reCAPTCHA enabled in Knowledge Base > Contact Form?
Knowledge base domain
Settings > Basic v3 key/secret status
Widget end-user experience
Contact tab protected by reCAPTCHA?
No
KO subdomain or private domain
N/A
No different; tab submits
No
Yes
KO subdomain
N/A; key/secret automatically applied
Contact tab displays reCAPTCHA footer statement; tab submits
Yes
Yes
Private domain
No key/secret added
No different; tab submits
No
Yes
Private domain
Valid key/secret added
Contact tab displays reCAPTCHA footer statement; tab submits
Yes
Yes
Private domain
Invalid key/secret added
Contact tab displays reCAPTCHA statement; reCAPTCHA error thrown when end-user tries to submit
Yes, but submissions are prevented

We hope these changes offer a bit more peace of mind for Widget 2.0 customers, and help reduce spam emails/tickets!