radziel/spotlightcam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): implement Cloudflare Turnstile CAPTCHA on contact form

Browse Source 
- Add Turnstile script to frontend/index.html
- Implement programmatic widget rendering in ContactPage
- Add backend verification via Cloudflare API
- Include client IP in verification request
- Update CSP headers to allow Cloudflare resources
- Add environment variable configuration for site and secret keys
- Pass VITE_TURNSTILE_SITE_KEY to frontend container
- Add validation and error handling for CAPTCHA tokens
This commit is contained in:
Radosław Gierwiało
2025-12-05 18:08:05 +01:00
parent 25042d0fec
commit f3b8156557
8 changed files with 122 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/.env.production.example
View File

@@ -58,3 +58,7 @@ ENABLE_SCHEDULER=false
SCHEDULER_INTERVAL_SEC=300
# Per-event minimum time between runs in seconds to avoid thrashing
MATCHING_MIN_INTERVAL_SEC=120
# Cloudflare Turnstile (CAPTCHA)
# Get your secret key from: https://dash.cloudflare.com/
TURNSTILE_SECRET_KEY=your-production-secret-key-here