Correct. It’s intentional, although if you really want to store those files in R2, you can via config.php edit. Probably not the best idea though… it can be a ton of writes for short-lived files. It also makes your cache remote so will slow it down (imagine if your browser’s cache was on remote servers and how that would affect cache performance).
It’s more likely your Security Level with your zone. If you have it set to anything other than “Essentially off” without a specific reason, it’s probably set wrong. The higher the security level, the more problems you are causing for users (including yourself). You are effectively injecting captchas all over the place, including http requests that the user doesn’t see, so they can’t solve the captchas (basically what you saw there),