How to use hCaptcha with Ruby on Rails, Turbo, and Stimulus.js Discussion
On the save_with_captcha function you are running the "valid?" in the Hcaptcha.success if-else statement meaning if Hcaptcha.success fails on the else statement - run "valid?" , and if Hcaptcha.success is successful you are calling "save" method. Shouldn't the "valid?" run regardless if Hcaptcha is successful or not? Because Hcaptcha.success might be successful but other validations might fail.
save will run the validations before it persists, so there is no need to call valid? if you are calling save. The call to valid? in the else block is just to populate the errors on the object so your form can show them.
I consider invisible_captcha gem an easiest way to avoid bots. No extra steps for real users, only for the bots