README.md in invisible_captcha-2.0.0 vs README.md in invisible_captcha-2.1.0

- old
+ new

@@ -1,9 +1,10 @@
 # Invisible Captcha
 
 [![Gem](https://img.shields.io/gem/v/invisible_captcha.svg?style=flat-square)](https://rubygems.org/gems/invisible_captcha)
-[![Build Status](https://travis-ci.com/markets/invisible_captcha.svg?branch=master)](https://travis-ci.com/markets/invisible_captcha)
+[![Build Status](https://github.com/markets/invisible_captcha/workflows/CI/badge.svg)](https://github.com/markets/invisible_captcha/actions)
+[![codecov](https://codecov.io/gh/markets/invisible_captcha/branch/master/graph/badge.svg?token=nADSa6rbhM)](https://codecov.io/gh/markets/invisible_captcha)
 
 > Complete and flexible spam protection solution for Rails applications.
 
 Invisible Captcha provides different techniques to protect your application against spambots.
 
@@ -19,11 +20,11 @@
 - a time-sensitive :hourglass: form submission
 - an IP based :mag: spinner validation
 
 ## Installation
 
-Invisible Captcha is tested against Rails `>= 5.2` and Ruby `>= 2.5`.
+Invisible Captcha is tested against Rails `>= 5.2` and Ruby `>= 2.7`.
 
 Add this line to your Gemfile and then execute `bundle install`:
 
 ```ruby
 gem 'invisible_captcha'
@@ -61,10 +62,12 @@
     redirect_to root_path
   end
 end
 ```
 
+You should _not_ name your method `on_spam`, as this will collide with an internal method of the same name.
+
 Note that it is not mandatory to specify a `honeypot` attribute (neither in the view nor in the controller). In this case, the engine will take a random field from `InvisibleCaptcha.honeypots`. So, if you're integrating it following this path, in your form:
 
 ```erb
 <%= form_tag(new_contact_path) do |f| %>
   <%= invisible_captcha %>
@@ -95,26 +98,28 @@
 </html>
 ```
 
 You can place `<%= flash[:error] %>` next to `:alert` and `:notice` message types, if you have them in your `app/views/layouts/application.html.erb`.
 
+**NOTE:** This gem relies on data set by the backend, so in order to properly work, your forms should be rendered by Rails. Forms generated via JavaScript are not going to work well.
+
 ## Options and customization
 
 This section contains a description of all plugin options and customizations.
 
 ### Plugin options:
 
 You can customize:
 
 - `sentence_for_humans`: text for real users if input field was visible. By default, it uses I18n (see below).
-- `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name. By default, a random collection is already generated. As the random collection is stored in memory, it will not work if you are running multiple Rails instances behind a load balancer. See [Multiple Rails instances](#multiple-rails-instances).
+- `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name. By default, a random collection is already generated. As the random collection is stored in memory, it will not work if you are running multiple Rails instances behind a load balancer (see [Multiple Rails instances](#multiple-rails-instances)). Beware that Chrome may ignore `autocomplete="off"`. Thus, consider not to use field names, which would be autocompleted, like for example `name`, `country`.
 - `visual_honeypots`: make honeypots visible, also useful to test/debug your implementation.
 - `timestamp_threshold`: fastest time (in seconds) to expect a human to submit the form (see [original article by Yoav Aner](https://blog.gingerlime.com/2012/simple-detection-of-comment-spam-in-rails/) outlining the idea). By default, 4 seconds. **NOTE:** It's recommended to deactivate the autocomplete feature to avoid false positives (`autocomplete="off"`).
 - `timestamp_enabled`: option to disable the time threshold check at application level. Could be useful, for example, on some testing scenarios. By default, true.
 - `timestamp_error_message`: flash error message thrown when form submitted quicker than the `timestamp_threshold` value. It uses I18n by default.
 - `injectable_styles`: if enabled, you should call anywhere in your layout the following helper `<%= invisible_captcha_styles %>`. This allows you to inject styles, for example, in `<head>`. False by default, styles are injected inline with the honeypot.
-- `spinner_enabled`: option to disable the IP spinner validation.
+- `spinner_enabled`: option to disable the IP spinner validation. By default, true.
 - `secret`: customize the secret key to encode some internal values. By default, it reads the environment variable `ENV['INVISIBLE_CAPTCHA_SECRET']` and fallbacks to random value. Be careful, if you are running multiple Rails instances behind a load balancer, use always the same value via the environment variable.
 
 To change these defaults, add the following to an initializer (recommended `config/initializers/invisible_captcha.rb`):
 
 ```ruby
@@ -204,11 +209,11 @@
 
 The `data` passed to the subscriber is hash containing information about the request that was detected as spam. For example:
 
 ```ruby
 {
-  message: "Invisible Captcha honeypot param 'subtitle' was present.",
+  message: "Honeypot param 'subtitle' was present.",
   remote_ip: '127.0.0.1',
   user_agent: 'Chrome 77',
   controller: 'users',
   action: 'create',
   url: 'http://example.com/users',
@@ -218,11 +223,11 @@
     action: 'create'
   }
 }
 ```
 
-_**Note:** `params` will be filtered according to your `Rails.application.config.filter_parameters` configuration, making them (probably) safe for logging. But always double-check that you're not inadvertently logging sensitive form data, like passwords and credit cards._
+**NOTE:** `params` will be filtered according to your `Rails.application.config.filter_parameters` configuration, making them (probably) safe for logging. But always double-check that you're not inadvertently logging sensitive form data, like passwords and credit cards.
 
 ### Content Security Policy
 
 If you're using a Content Security Policy (CSP) in your Rails app, you will need to generate a nonce on the server, and pass `nonce: true` attribute to the view helper. Uncomment the following lines in your `config/initializers/content_security_policy.rb` file:
 
@@ -245,10 +250,10 @@
 
 ```erb
 <%= invisible_captcha nonce: true %>
 ```
 
-**WARNING:** Content Security Policy can break your site! If you already run a website with third-party scripts, styles, images, and fonts, it is highly recommended to enable CSP in report-only mode and observe warnings as they appear. Learn more at MDN:
+**NOTE:** Content Security Policy can break your site! If you already run a website with third-party scripts, styles, images, and fonts, it is highly recommended to enable CSP in report-only mode and observe warnings as they appear. Learn more at MDN:
 
 * https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
 * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
 
 ### I18n