将javascript变量传递给ajax

Question

I am working on a site with many forms . Most of the forms will be submitted via jquery AJAX.

I have implemented recaptcha for security but the client does not like it as the words are sometimes difficult to read.

As an alternate I am looking at honeytrap method for less important forms. As I understand In this method I keep a field in the form hidden from normal users via CSS. So legitimate users will leave the field blank while a bot will fill it .

Now my question is since I am using jQuery AJAX for form submission, instead of hidden field if form , can't I just pass an extra variable (along with form field variables) from javascript to AJAX. (like var secretword = 1) AJAX will check this variable( if secretword == 1 ) and if it is empty(bot will not use javascript to sumbit form so var will be empty) then the form will not be submitted.For legitimate users javascript function will add "1" value to the variable.Is my method as secure as honeytrap?

NOTE: Website does not work without javascript so need not go into what happens if javascript is disabled.

Please provide me your valuable advice on this.

Answer 1

You're really over-thinking this.

If you only do legitimate submission via AJAX, make the form's action attribute wrong , and you've effectively accomplished what your proposed solution does: Anybody directly submitting the form without JS will have their submission ignored.

This obviously won't deter anybody from figuring out where you AJAX submissions are going and just spamming that endpoint directly, but neither will your proposed secretword=1 solution or a traditional hidden field.