Cloudflare Turnstile breaks forms on iOS (current issue)

The symptom

When Cloudflare Turnstile is enabled on a RocketLead form:

The form renders normally on desktop and Android.
On iOS (Safari, and presumably any WebKit-based browser), the form gets stuck at the CAPTCHA challenge. The Turnstile widget appears but never completes; submitting the form does nothing; the page stays loaded but unresponsive to further interaction.

Removing Turnstile from the form settings — or temporarily disabling it — restores form submission on iOS.

When does it bite

Any form embedded on a customer-facing site with Turnstile enabled. The bug is in the widget’s interaction with RocketLead’s form-runtime JavaScript, not in Turnstile itself or in iOS. Other Cloudflare-protected sites work fine; Turnstile-inside-RocketLead is the specific combination that breaks.

Workarounds

Disable Turnstile entirely. This is the recommended workaround until the fix lands. The form is then open to spam — see below for mitigations.
Use a different CAPTCHA provider (e.g. hCaptcha). The platform supports multiple CAPTCHA backends; switching providers in the form settings is a one-click change.
Apply server-side spam mitigation outside the form — e.g. an automation that filters out obvious spam patterns (no name, generic message body, suspicious email domains) before passing to downstream nodes.

Why we don’t just remove Turnstile from the platform

Turnstile is a legitimately good CAPTCHA option for a lot of customers — invisible challenge, no third-party privacy implications, fast. We’re committed to making it work. The bug is bad enough that we recommend not enabling it in production today, but disabling it permanently isn’t the right call.

Tracking

The fix is queued behind higher-priority work. If a customer hits this and needs Turnstile specifically, escalate to the operator team for an interim CAPTCHA-bypass arrangement.

What’s next

Form-slot buchbar gotcha — the form-side framing of the most-common scheduling-empty-state issue.