[GH-ISSUE #115] 增加Cloudflare Turnstile 验证码支持 #85

New issue

Closed

opened 2026-03-04 12:18:49 +03:00 by kerem · 2 comments

kerem commented 2026-03-04 12:18:49 +03:00

Owner

Copy link

Originally created by @gitiy1 on GitHub (Nov 5, 2022).
Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/115

Turnstile是cloudflare新推出的验证码服务， 无需视觉拼图即可确认访问者为真实人类，为网站访问者提供更好的体验
Website: https://www.cloudflare.com/zh-cn/products/turnstile/

Originally created by @gitiy1 on GitHub (Nov 5, 2022). Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/115 Turnstile是cloudflare新推出的验证码服务， 无需视觉拼图即可确认访问者为真实人类，为网站访问者提供更好的体验 Website: https://www.cloudflare.com/zh-cn/products/turnstile/

kerem closed this issue 2026-03-04 12:18:50 +03:00

kerem commented 2026-03-04 12:18:50 +03:00

Author

Owner

Copy link

@hibobmaster commented on GitHub (Nov 5, 2022):

其实目前是可以使用cloudflare turnstile的，prov使用reCAPTCHAv2/reCAPTCHAv3
https://docs.addesp.com/ngx_waf/advance/directive.html#waf-captcha
把里面的 api 填写为 https://challenges.cloudflare.com/turnstile/v0/siteverify
再把html模板里的脚本改为cf提供的配置即可，我测试下面的配置是okay的
参考: https://developers.cloudflare.com/turnstile/get-started/migrating-from-recaptcha/
captcha-v2-turnstile.html

<!DOCTYPE html>
<html lang="en">
<html>

<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Please complete the captcha</title>
  <script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
  <style type="text/css">
    div {
      text-align: left;
    }
  </style>
  <script>
    function onSubmit(token) {
      let reqBody = "g-recaptcha-response=" + token;
      let httpRequest = new XMLHttpRequest();
      httpRequest.open("POST", "/captcha");
      httpRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
      httpRequest.send(reqBody);
      httpRequest.onreadystatechange = () => {
        if (httpRequest.readyState == 4 && httpRequest.status == 200) {
          let text = httpRequest.responseText;
          switch (text) {
            case "good":
              window.location.reload();
              break;
            case "bad":
              alert("Bad CAPTCHA, please refresh the page and try again.\n"
                  + "您未能通过人机验证，请刷新页面后重试。");
              break;
            default:
              alert("Unexpected error occurred, please refresh the page and try again.\n"
                  + "发生了意料之外的错误，请刷新页面后重试。");
          }
        }
      }
    }
  </script>
</head>

<body>
  <h1>Please complete the captcha.</h1>
  <h1>请完成验证码</h1>
  <div class="cf-turnstile" data-sitekey="xxxxxxxxxxxxxxxxxx" data-callback='onSubmit'></div>
  </div>
</body>

</html>

captcha-v3-turnstile.html

<!DOCTYPE html>
<html lang="en">
<html>

<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Please complete the captcha</title>
  <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha" async defer></script>
  <style type="text/css">
    div {
      text-align: center;
    }
  </style>
  <script>
    function onSubmit(token) {
      let reqBody = "g-recaptcha-response=" + token;
      let httpRequest = new XMLHttpRequest();
      httpRequest.open("POST", "/captcha");
      httpRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
      httpRequest.send(reqBody);
      httpRequest.onreadystatechange = () => {
        if (httpRequest.readyState == 4 && httpRequest.status == 200) {
          let text = httpRequest.responseText;
          switch (text) {
            case "good":
              window.location.reload();
              break;
            case "bad":
              alert("Bad CAPTCHA, please refresh the page and try again.\n"
                  + "您未能通过人机验证，请刷新页面后重试。");
              break;
            default:
              alert("Unexpected error occurred, please refresh the page and try again.\n"
                  + "发生了意料之外的错误，请刷新页面后重试。");
          }
        }
      }
    }
  </script>
</head>

<body>
  <h1>Please complete the captcha.</h1>
  <h1>请完成验证码</h1>
  <div>
    <button class="g-recaptcha" data-sitekey="xxxxxxxxxxx"
    data-callback='onSubmit' style="font-size:25px" data-action='submit'>CLICK ME （点击此处）</button>
  </div>
</body>

</html>

<!-- gh-comment-id:1304555848 --> @hibobmaster commented on GitHub (Nov 5, 2022): 其实目前是可以使用cloudflare turnstile的，`prov`使用`reCAPTCHAv2/reCAPTCHAv3` https://docs.addesp.com/ngx_waf/advance/directive.html#waf-captcha 把里面的 api 填写为 https://challenges.cloudflare.com/turnstile/v0/siteverify 再把html模板里的脚本改为cf提供的配置即可，我测试下面的配置是okay的 参考: https://developers.cloudflare.com/turnstile/get-started/migrating-from-recaptcha/ **captcha-v2-turnstile.html** ```html <!DOCTYPE html> <html lang="en"> <html> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Please complete the captcha</title> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script> <style type="text/css"> div { text-align: left; } </style> <script> function onSubmit(token) { let reqBody = "g-recaptcha-response=" + token; let httpRequest = new XMLHttpRequest(); httpRequest.open("POST", "/captcha"); httpRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); httpRequest.send(reqBody); httpRequest.onreadystatechange = () => { if (httpRequest.readyState == 4 && httpRequest.status == 200) { let text = httpRequest.responseText; switch (text) { case "good": window.location.reload(); break; case "bad": alert("Bad CAPTCHA, please refresh the page and try again.\n" + "您未能通过人机验证，请刷新页面后重试。"); break; default: alert("Unexpected error occurred, please refresh the page and try again.\n" + "发生了意料之外的错误，请刷新页面后重试。"); } } } } </script> </head> <body> <h1>Please complete the captcha.</h1> <h1>请完成验证码</h1> <div class="cf-turnstile" data-sitekey="xxxxxxxxxxxxxxxxxx" data-callback='onSubmit'></div> </div> </body> </html> ``` **captcha-v3-turnstile.html** ```html <!DOCTYPE html> <html lang="en"> <html> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Please complete the captcha</title> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha" async defer></script> <style type="text/css"> div { text-align: center; } </style> <script> function onSubmit(token) { let reqBody = "g-recaptcha-response=" + token; let httpRequest = new XMLHttpRequest(); httpRequest.open("POST", "/captcha"); httpRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); httpRequest.send(reqBody); httpRequest.onreadystatechange = () => { if (httpRequest.readyState == 4 && httpRequest.status == 200) { let text = httpRequest.responseText; switch (text) { case "good": window.location.reload(); break; case "bad": alert("Bad CAPTCHA, please refresh the page and try again.\n" + "您未能通过人机验证，请刷新页面后重试。"); break; default: alert("Unexpected error occurred, please refresh the page and try again.\n" + "发生了意料之外的错误，请刷新页面后重试。"); } } } } </script> </head> <body> <h1>Please complete the captcha.</h1> <h1>请完成验证码</h1> <div> <button class="g-recaptcha" data-sitekey="xxxxxxxxxxx" data-callback='onSubmit' style="font-size:25px" data-action='submit'>CLICK ME （点击此处）</button> </div> </body> </html> ```

kerem commented 2026-03-04 12:18:50 +03:00

Author

Owner

Copy link

@gitiy1 commented on GitHub (Nov 11, 2022):

十分感谢！希望项目越做越好！

<!-- gh-comment-id:1311410922 --> @gitiy1 commented on GitHub (Nov 11, 2022): 十分感谢！希望项目越做越好！

kerem referenced this issue 2026-03-13 17:01:02 +03:00

[GH-ISSUE #85] Rule 一些疑問和許願 #198

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

lts

lts-dev

add_sp/refactor-replace-libcurl-with-subreq

current-dev

current

current-dev-backup

v6.1.10

v10.1.2

v6.1.9

v6.1.8

v10.1.1

v10.1.0

v6.1.7

v10.0.1

v10.0.0

v9.0.6

v9.0.5

v6.1.6

v6.1.5

v9.0.4

v9.0.3

v9.0.2

v9.0.1

v9.0.0

v8.0.3

v6.1.4

v8.0.2

v8.0.1

v6.1.3

v8.0.0

v7.1.0

v6.1.2

v7.0.1

v7.0.0

v6.1.1

v6.1.0

v6.0.3

v6.0.2

v6.0.2-beta.1

v6.0.1

v6.0.1-beta.2

v6.0.1-beta.1

v6.0.0

v6.0.0-beta.4

v5.5.1

v6.0.0-beta.2

v6.0.0.beta.3

v6.0.0-beta.1

v5.5.0

v5.4.2

v5.4.2-beta.2

v5.4.2-beta.1

v5.4.1

v5.4.1-beta.1

v5.4.0

v5.4.0-beta.1

v5.3.2

v5.3.1

v5.3.0

v5.3.0-beta.4

v5.3.0-beta.3

v5.3.0-beta.2

v5.3.0-beta.1

v5.2.0

v5.2.0-beta.2

v5.2.0-beta.1

v5.1.1

v5.1.1-beta.1

v5.1.0

v5.0.0

v5.0.0-beta.5

v5.0.0-beta.4

v5.0.0-beta.3

v5.0.0-beta.2

v5.0.0-beta.1

v4.1.0-beta.4

v4.1.0-beta.3

v4.1.0-beta.2

v4.1.0-beta.1

v4.0.0

v4.0.0-beta.2

v3.1.6

v3.2.0-beta.1

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.1.0-beta-1

v3.0.3-beta-3

v3.0.2

v3.0.3-beta-2

v3.0.3-beta-1

v3.0.2-beta-2

v3.0.2-beta-1

v3.0.1

v3.0.0

v3.0.0-beta-2

v3.0.0-beta-1

v2.1.1

v2.1.0

v2.0.2

v2.0.1

v2.0.1-beta-1

v2.0.0

v2.0.0-beta.1

v1.0.1

v1.0.0

v1.0.0-RC2

v1.0.0-RC1

Labels

Clear labels   

MacOS

  

Nginx

  

OpenResty

  

Tengine

  

bug

  

documentation

  

enhancement

  

needs-investigation

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

stale

  

stale

  

timeout

  

wontfix

No labels

MacOS

Nginx

OpenResty

Tengine

bug

documentation

enhancement

needs-investigation

pull-request

question

stale

stale

stale

timeout

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ngx_waf#85

No description provided.