Cloudflare Turnstile and greater protection (enhancement)

  • Resolved ZicPL

    (@zicpl)


    6 months ago

    Hi,
    Great plugin, simple and works with my CF7. You did an amazing job! Yes, I wanted to thank for autor, but I’ve two things to talk about. Please don’t treat my statement as my whining ??

    1. Interaction Your plugin with this two:
    a) Cookies and Content Security Policy By Jonk
    b) LiteSpeed Cache

    What I did:
    a) In the “Domains” tab -> “always allow” group, I added:
    https://*.cloudflareinsights.com
    https://challenges.cloudflare.com
    https://static.cloudflareinsights.com
    (yes I don’t use google recaptcha)

    b) On the plugin page it says::
    “I’m using a cache plugin, and it seems to be interfere with this plugin Review the settings of you cache plugin. Litespeed cache, go to WP Admin > LiteSpeed Cache > Cache > Excludes, scroll down to “Do Not Cache Cookies” and enter cookies_and_content_security_policy and save your changes.” <– I did it.
    After above steps, I launched Your plugin. Next I checked the console and found an error message regarding Cloudflare Turnstile: (in pair with your plugin – as I wrote below):

    XHRGET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/888e70add8323bc1/1716565816712/8b8224c2a03c22a8ac962eef18c59fe607de069c5322b87b219cef9d93245da2/Q7K8ivzdTzFKncc [HTTP/2 401 75ms]
    More info: “The next request for the Private Access Token challenge may return a 401 and show a warning in console.”
    File: v1?ray=888e7986cbeab1c7
    Code: this.h[this.g ^ j] = k === void 0 ? l[kW(2698)](null, n) : k[l][kW(2698)](k, n)
    Comment: Filed to load resource: the server responded with a status of 401 ()

    I use the Firefox browser for testing: disabling from Your plugin “Unique entries per user” resulted in no error. This means that two plugins a), b) are configured correctly. I’m using the latest version of all plugins and WordPress. My use case is replacing google recaptcha so it’s possible Your plugin hasn’t been tested.
    Would you find time to help me?

    2. I noticed that the plugin is great at protecting against users without technical knowledge but person who know how deletes data from the browser, then this plugin won’t protect us. Have you considered: Adding a new option to your plugin’s control panel: IP list of form senders? Managing an IP block for the form submission process is a good idea, isn’t it? For a user who sends e.g. 500 forms within a short period of time (intrusive), show the information:
    “Form blocked for [1] day – you cannot send the form. Use another form of contact: chat.”
    I understand that many users may have the same IP so manually turning on/off “IP time lock” would do the trick.

    Best regards

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.