Our account creation form is publicly accessible, and open to abuse by spammers. The spam bots enter random email addresses and increase our bounce rate. We decided to add a captcha to the form to prevent this abuse.

I evaluated a few options and decided to use Cloudflare's Turnstile since it's free and privacy-friendly. It's also easy to implement. [^1] We add their client-side widget to our form. This widget adds a token input and we use this token to verify the captcha on the server-side.

I added a `cloudflare_turnstile.erb` component to add Cloudflare Turnstile to any form easily. The external Cloudflare script is loaded only when the component is used.

There are 3 different modes for Turnstile: managed, non-interactive, and invisible [^2]. It's configurable in the Cloudflare UI. I think we can start with the invisible mode and see how it goes.

[^1]: https://developers.cloudflare.com/turnstile/get-started/
[^2]: https://developers.cloudflare.com/turnstile/concepts/widget/
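The server-side half of the flow described above, as an added example that is not code from this commit: the token from the widget is posted to Cloudflare's siteverify endpoint and the form is rejected on any failure. The method name `turnstile_verified?`, the injectable `post:` transport, the `expected_hostname:` check and the sample values are assumptions made for illustration.

```ruby
require "json"
require "net/http"
require "uri"

# Cloudflare's server-side validation endpoint for Turnstile tokens.
SITEVERIFY_URL = URI("https://challenges.cloudflare.com/turnstile/v0/siteverify")

# Default transport: POST the form fields, return the raw response body.
# Injectable (hypothetical `post:` parameter) so the logic can run offline.
DEFAULT_POST = ->(params) { Net::HTTP.post_form(SITEVERIFY_URL, params).body }

# Returns true only when Cloudflare confirms the token. Every other path
# (missing token, network error, malformed body, success != true, wrong
# hostname) returns false, so account creation fails closed.
def turnstile_verified?(token, secret:, remote_ip: nil, expected_hostname: nil,
                        post: DEFAULT_POST)
  return false if token.nil? || token.strip.empty?

  params = { "secret" => secret, "response" => token }
  params["remoteip"] = remote_ip if remote_ip

  result = JSON.parse(post.call(params))
  return false unless result.is_a?(Hash) && result["success"] == true
  # Reject a token that was solved on a widget served from another host.
  return false if expected_hostname && result["hostname"] != expected_hostname

  true
rescue StandardError
  # Timeouts, DNS/TLS failures and unparsable bodies are treated as "not verified".
  false
end

if __FILE__ == $PROGRAM_NAME
  # Constructed siteverify responses; no network call is made here.
  ok  = ->(_params) { '{"success":true,"hostname":"example.test","error-codes":[]}' }
  bad = ->(_params) { '{"success":false,"error-codes":["invalid-input-response"]}' }
  puts turnstile_verified?("constructed-token", secret: "PLACEHOLDER_SECRET",
                           expected_hostname: "example.test", post: ok)
  puts turnstile_verified?("constructed-token", secret: "PLACEHOLDER_SECRET", post: bad)
end
```

In a Rails controller the token would come from the widget's `cf-turnstile-response` form field, and the secret key from application credentials rather than source code.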