EU CAPTCHA for Symfony

Frequently Asked Questions

• How do I add EU CAPTCHA to a Symfony application?

  Require the EU CAPTCHA PHP client via Composer and register it as a service in services.yaml with your secret key injected from environment variables. In your Twig templates, load verify.js and place the widget div with your sitekey. In your controller, inject the EU CAPTCHA service and call verify() with the token from the request before processing form data.

• Does EU CAPTCHA work with Symfony Forms?

  Yes. You can add EU CAPTCHA verification to Symfony form handling in the controller action that processes the form. After calling $form->handleRequest($request) and checking $form->isSubmitted() and $form->isValid(), retrieve the eu-captcha-response from $request->request->get('eu-captcha-response') and verify it before executing your business logic.

• How do I inject the EU CAPTCHA client using Symfony's DI container?

  Declare the EU CAPTCHA client as a service in config/services.yaml with your secret key as a constructor argument, read from environment variables using %env(EU_CAPTCHA_SECRET_KEY)%. Autowiring handles injection in most cases. You can then type-hint the client in your controller constructor or action method and Symfony's DI container provides the configured instance automatically.

• Can I use EU CAPTCHA with Symfony's validator component?

  Yes. Create a custom Constraint and ConstraintValidator class that calls the EU CAPTCHA PHP client to verify the token. Apply this constraint to the relevant field in your FormType using the 'constraints' option. Symfony's validation pipeline then automatically verifies the CAPTCHA token when $form->isValid() is called, keeping validation logic in one place.

• Does EU CAPTCHA work with Symfony API Platform endpoints?

  Yes. For API Platform endpoints, create a custom DataPersister or use an event listener on the kernel.request event to verify the CAPTCHA token from the JSON request body. Alternatively, add a custom validator that checks for the eu-captcha-response field in your input DTO before the resource is created or updated.

• How do I store the EU CAPTCHA secret key securely in Symfony?

  Store the secret key in your .env file as EU_CAPTCHA_SECRET_KEY and reference it in services.yaml using %env(EU_CAPTCHA_SECRET_KEY)%. For production, use Symfony Secrets (symfony/secrets) or a cloud secrets manager to store the key outside version control. Never commit the actual secret key value to your repository.

• Is EU CAPTCHA GDPR compliant for Symfony applications?

  Yes. EU CAPTCHA is operated by an EU-based company, is hosted entirely in Germany, and does not rely on US cloud providers or infrastructure subject to US surveillance laws. The service processes only the data necessary to provide and verify the CAPTCHA (such as IP address and technical browser or device information) in line with the GDPR. Your organization remains responsible for providing transparent privacy information, selecting an appropriate legal basis, and obtaining any required consent for your specific Symfony implementation. This information does not constitute legal advice; please consult your legal counsel for an assessment of your individual case.