Description
In config/initializers/recaptcha.rb:4-11, if HCAPTCHA_SITE_KEY and HCAPTCHA_SECRET_KEY environment variables are not set in production, the keys will be nil, potentially disabling captcha validation entirely.
Recommendation
Validate presence of these keys on boot and raise an error if missing in production.
Severity
Medium
Description
In
config/initializers/recaptcha.rb:4-11, ifHCAPTCHA_SITE_KEYandHCAPTCHA_SECRET_KEYenvironment variables are not set in production, the keys will benil, potentially disabling captcha validation entirely.Recommendation
Validate presence of these keys on boot and raise an error if missing in production.
Severity
Medium