Deploy captcha (Turnstile) in prod and set up monitoring

Open FelixMalfait opened this issue 9 months ago • 3 comments

We've worked on a feature to protect our forms: https://github.com/twentyhq/twenty/pull/4626

We should now set up the env variables to add this protection on prod and on next.

Also in prod we should add some monitoring for captcha failure rate if possible (if captcha has a high failure rate we want to be notified. Probably we can set that in Cloudflare alerts?)

Make sure to test this well :)

FelixMalfait avatar May 15 '24 08:05 FelixMalfait
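
An added example, not part of the thread or of the Twenty code base: one way to get the failure-rate notification asked for above on the application side, by feeding each Turnstile siteverify result into a sliding-window monitor. The class name, window, threshold and minimum sample count are assumptions, and the sample data is constructed.

```typescript
// Fields of a Turnstile siteverify response that this monitor reads.
interface SiteverifyResult { success: boolean; "error-codes": string[]; }
interface Alert { failureRate: number; samples: number; topError: string; }

class CaptchaFailureMonitor {
  private events: { at: number; result: SiteverifyResult }[] = [];
  private windowMs: number;   // sliding window length in milliseconds
  private threshold: number;  // alert when the failure rate exceeds this (0..1)
  private minSamples: number; // stay quiet until the window holds this many checks

  constructor(windowMs: number, threshold: number, minSamples: number) {
    this.windowMs = windowMs;
    this.threshold = threshold;
    this.minSamples = minSamples;
  }

  // Record one verification outcome; returns an Alert while the rate is too high.
  record(result: SiteverifyResult, now: number): Alert | null {
    this.events.push({ at: now, result });
    this.events = this.events.filter((e) => now - e.at <= this.windowMs);
    if (this.events.length < this.minSamples) return null;
    const failures = this.events.filter((e) => !e.result.success);
    const failureRate = failures.length / this.events.length;
    if (failureRate <= this.threshold) return null;
    // Name the most frequent error code so the alert says why checks fail.
    const counts: Record<string, number> = {};
    let topError = "none";
    for (const f of failures) {
      for (const code of f.result["error-codes"]) {
        const n = (counts[code] || 0) + 1;
        counts[code] = n;
        if (n > (counts[topError] || 0)) topError = code;
      }
    }
    return { failureRate, samples: this.events.length, topError };
  }
}

// Constructed sample: 12 passing checks, then 8 failures, one check per second.
function runSample(): Alert[] {
  const monitor = new CaptchaFailureMonitor(60000, 0.3, 10);
  const alerts: Alert[] = [];
  for (let i = 0; i < 20; i++) {
    const code = i % 4 === 0 ? "timeout-or-duplicate" : "invalid-input-response";
    const result: SiteverifyResult = { success: i < 12, "error-codes": i < 12 ? [] : [code] };
    const alert = monitor.record(result, i * 1000);
    if (alert) alerts.push(alert);
  }
  return alerts;
}
```

The minimum sample count keeps a handful of failed checks on a quiet form from paging anyone, and the top error code separates a misconfigured secret from clients that fail the challenge.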

The turnstile has been enabled on next, but it seems to only support "invisible" mode, is that expected? I assume that no captcha will actually show up and it might silently fail in the background. If I enable regular mode on cloudflare console, I get an error in my browser console.

I went in private navigation with a VPN, and indeed I did get a silent fail with no captcha showing up

Freebios avatar May 15 '24 23:05 Freebios

@Freebios yes that's expected! Captcha shouldn't be visible. Thanks!

FelixMalfait avatar May 16 '24 08:05 FelixMalfait

Doesn't seem to work on Next for me, let's wait before rolling out to prod

FelixMalfait avatar May 16 '24 08:05 FelixMalfait

Was there any development on that matter?

Freebios avatar Jun 06 '24 20:06 Freebios

Yes I think it's been deployed and everything works well now

FelixMalfait avatar Jun 07 '24 07:06 FelixMalfait