feat(security): implement Cloudflare Turnstile CAPTCHA on contact form
- Add Turnstile script to frontend/index.html - Implement programmatic widget rendering in ContactPage - Add backend verification via Cloudflare API - Include client IP in verification request - Update CSP headers to allow Cloudflare resources - Add environment variable configuration for site and secret keys - Pass VITE_TURNSTILE_SITE_KEY to frontend container - Add validation and error handling for CAPTCHA tokens
This commit is contained in:
Radosław Gierwiało
@@ -5,3 +5,7 @@ VITE_ALLOWED_HOSTS=localhost,spotlight.cam,.spotlight.cam
|
||||
|
||||
# Alternative: Allow all hosts (development only)
|
||||
# VITE_ALLOWED_HOSTS=all
|
||||
|
||||
# Cloudflare Turnstile (CAPTCHA)
|
||||
# Get your keys from: https://dash.cloudflare.com/
|
||||
VITE_TURNSTILE_SITE_KEY=your-site-key-here
|
||||
|
||||
Reference in New Issue
Block a user