Forms spam protection¶
Cloudflare Turnstile and Google reCAPTCHA v3 protect website forms against spam and abuse. They attempt to distinguish between human and bot submissions using non-interactive challenges based on telemetry and visitor behavior.
重要
We recommend using Cloudflare Turnstile as reCAPTCHA v3 may not be compliant with local data protection regulations.
注解
All pages using the Form, Newsletter Block, Newsletter Popup snippets, and the eCommerce Extra Step During Checkout form are protected by both tools.
Cloudflare Turnstile configuration¶
On Cloudflare¶
Create a Cloudflare account or use an existing one and log in.
On the dashboard navigation sidebar, click Turnstile.
On the Turnstile Sites page, click Add Site.
Add a Site name to identify it easily.
Enter or select the website’s Domain (e.g., example.com or subdomain.example.com).
Select a Widget Mode:
The Managed mode is recommended, as visitors can be prompted to check a box confirming they are human if deemed necessary by Turnstile.
For the Non-interactive and Invisible modes, visitors are never prompted to interact. In Non-interactive mode, a loading widget can be displayed to warn visitors that Turnstile protects the form; however, the widget is not supported by Odoo.
注解
If the Turnstile check fails, visitors are not able to submit the form, and the following error message is displayed:
Click Create.
The generated keys are then displayed. Leave the page open for convenience, as copying the keys in Odoo is required next.
关于Odoo¶
From the database dashboard, click Settings. Under Integrations, enable Cloudflare Turnstile and click Save.
Open the Cloudflare Turnstile page, copy the Site Key, and paste it into the CF Site Key field in Odoo.
Open the Cloudflare Turnstile page, copy the Secret Key, and paste it into the CF Secret Key field in Odoo.
Click Save.
小技巧
Navigate to Turnstile on your Cloudflare account to view the solve rates and access more settings.
reCAPTCHA v3 configuration¶
警告
reCAPTCHA v3 may not be compliant with local data protection regulations.
在Google上¶
打开 reCAPTCHA 网站注册页面。如果需要,登录或创建一个 Google 账号。
在网站注册页面上:
给网站一个 标签。
Leave the reCAPTCHA type on Score based (v3).
输入一个或多个 域名 (例如, example.com 或 subdomain.example.com )。
在 Google Cloud Platform 下,如果已经使用登录的 Google 账户创建了项目,则会自动选择该项目。如果没有,则会自动创建一个项目。点击 Google Cloud Platform 以自行选择项目或重命名自动创建的项目。
同意服务条款。
Click Submit.
然后显示一个带有生成的密钥的新页面。为了方便起见,请将其保持打开,因为接下来需要将密钥复制到Odoo中。
关于Odoo¶
从数据库仪表盘中,点击 设置。在 集成 下,如有需要,启用 reCAPTCHA。
警告
请不要禁用 reCAPTCHA 功能或卸载 Google reCAPTCHA 集成 模块,因为其他许多模块也会被删除。
打开 Google reCAPTCHA 页面,复制 Site key,然后将其粘贴到 Odoo 的 Site Key 字段中。
打开 Google reCAPTCHA 页面,复制 Secret key,然后将其粘贴到 Odoo 的 Secret Key 字段中。
Change the default Minimum score (
0.70) if necessary, using a value between1.00and0.00. The higher the threshold is, the more difficult it is to pass the reCAPTCHA, and vice versa. Out of the 11 levels, only the following four score levels are available by default:0.1,0.3,0.7and0.9.Click Save.
You can notify visitors that reCAPTCHA protects a form. To do so, open the website editor and navigate to the form. Then, click somewhere on the form, and on the right sidebar’s Customize tab, toggle Show reCAPTCHA Policy found under the Form section.
注解
如果reCAPTCHA检查失败,则显示以下错误消息:
小技巧
Analytics and additional settings are available on Google’s reCAPTCHA administration page. For example, you can receive email alerts if Google detects suspicious traffic on your website or view the percentage of suspicious requests, which could help you determine the right minimum score.