Skip to Content Skip to Menu

🏖 End of summer sale! Savings on all memberships including single add-ons! Get 25% off now with code SUMMER25!

CB antispam cloudflare issue

  • activha
  • activha
  • OFFLINE
  • Posts: 2314
  • Thanks: 115
  • Karma: 13
2 months 3 weeks ago #338342 by activha
CB antispam cloudflare issue was created by activha
Hello
I just implemented cloudflare turnstile and have an issue that i don't understand
Keys are properly added in the settings and our domain is duly registered at cloudflare.
On the CB forgot login page for instance I get the green success logo but when we try to get a new password the page always reload with captcha code non valid

Could you tell me what I miss here ?
Page is at  cercle.business/cb-forgot-login

Thanks

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48275
  • Thanks: 8240
  • Karma: 1441
2 months 3 weeks ago #338344 by krileon
Replied by krileon on topic CB antispam cloudflare issue
Is it just forgot login doing this or is it failing for you everywhere? Have retested login, forgot login, and registration Cloudflare Turnstile and appears to still be working fine for me. Are you sure you copied your keys over correctly?

I do see a CB AntiSpam JavaScript error on the forgot login page, but seams to still work for me despite the error since it's just appending an attribute for client side validation. The response code from turnstile also appears to be submitting to your server. So my best guess is "Secret Key" might be incorrect.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • activha
  • activha
  • OFFLINE
  • Posts: 2314
  • Thanks: 115
  • Karma: 13
2 months 3 weeks ago - 2 months 3 weeks ago #338345 by activha
Replied by activha on topic CB antispam cloudflare issue
Just double checked the keys and they are correct.

I have CORS warnings on each page where Turnstile is used with : Blocked a frame with origin " challenges.cloudflare.com " from accessing a frame with origin " cercle.business ". Protocols, domains, and ports must match.

It seems to block every thing including registration

PS : we already have on the server
add_header Access-Control-Allow-Origin "*";
add_header Timing-Allow-Origin "*";
Last edit: 2 months 3 weeks ago by activha.

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48275
  • Thanks: 8240
  • Karma: 1441
2 months 3 weeks ago #338346 by krileon
Replied by krileon on topic CB antispam cloudflare issue
I can't help you in regards to CORS issues with the iframe as we don't handle that. We simply render the widget and it does whatever Cloudflare needs it to. You'll need to contact Cloudflare regarding that.

I've fixed the JS error in latest CB AntiSpam build, but it was a non-blocking error so unsure if it's going to help with your issue.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • activha
  • activha
  • OFFLINE
  • Posts: 2314
  • Thanks: 115
  • Karma: 13
2 months 3 weeks ago #338348 by activha
Replied by activha on topic CB antispam cloudflare issue
Seems to be a bug with cloudflare service for turnstile, so no sure that it's ready usable within CB Antispam

community.cloudflare.com/t/missing-cross-origin-resource-policy-corp-response-header/567311/9

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48275
  • Thanks: 8240
  • Karma: 1441
2 months 3 weeks ago #338350 by krileon
Replied by krileon on topic CB antispam cloudflare issue
Doesn't appear to be a bug, but something further you need to configure. See the reply below the post you linked. I don't see how this has any impact on CB AntiSpam readiness to using Cloudflare Turnstile as CB AntiSpam isn't responsible for your server configuration. You'll probably run into CORS issues with any external captcha without additional configurations. Have you tried hCaptcha? I've read they have CORS handling out of the box, but have not verified this.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum