I am managing to validate the same recaptcha more than once through the "https://www.google.com/recaptcha/api/siteverify" api, I thought this was not possible considering that it is a paid product. Has anyone had the same problem?
During the two minutes I sent several requests, some gave the error "timeout-or-duplicate" and others were successful, so my application is prone to receiving repeated attacks.
I did the test by copying curl(powershell) and repeating the http method call in the command prompt and they were successful with the same recaptcha several times. I also tested it by generating the recaptcha directly from the google api "https://www.google.com/recaptcha/api.js" and validating directly through the api "https://www.google.com/recaptcha/api/siteverify", both tests I managed to use the same recaptcha.
