69e7ecfd3c
Our account creation form is publicly accessible, and open to abuse by spammers. The spam bots enter random email addresses and increase our bounce rate. We decided to add a captcha to the form to prevent this abuse. I evaluated a few options and decided to use Cloudflare's Turnstile since it's free and privacy-friendly. It's also easy to implement. [^1] We add their client-side widget to our form. This widget add token input and we use this token to verify the captcha on the server-side. I added `cloudflare_turnstile.erb` component to add Cloudflare Turnstile to any form easily. External Cloudflare script is loaded only when the component is used. There are 3 different modes for Turnstile: managed, non-interactive, and invisible [^2]. It's configurable in the Cloudflare UI. I think we can start with the invisible mode and see how it goes. [^1]: https://developers.cloudflare.com/turnstile/get-started/ [^2]: https://developers.cloudflare.com/turnstile/concepts/widget/ |
||
|---|---|---|
| .. | ||
| create_account.erb | ||
| login.erb | ||
| otp_auth.erb | ||
| recovery_auth.erb | ||
| reset_password.erb | ||
| reset_password_request.erb | ||
| two_factor_auth.erb | ||
| verify_account.erb | ||
| verify_account_resend.erb | ||
| verify_login_change.erb | ||
| webauthn_auth.erb | ||