What is Cloudflare Turnstile?
Cloudflare Turnstile is a new real alternative to Google Re-Captcha. Actually, approximately 97% of the most visited websites use Google Captcha systems.
However, Re-Captcha is known to complicate UX and have poor privacy. John Graham-Cumming, the CTO of Cloudflare said:
"The biggest issue with CAPTCHA is that user experience is terrible. As computers have gotten better at solving them, the user experience has only gotten worse."
With Turnstile, Cloudflare tries to simplify the form validation with a study of the browser environments to detect a real user versus spambots, without visual tests that a user with visual disabilities can't solve.
At pixel open we have been successfully testing Turnstile for several weeks.
Turnstile on Magento
We no longer use official reCaptcha modules on Magento (26 modules on Adobe Commerce). The most painful thing with reCaptcha is always throwing exceptions during failures, polluting error tracking applications like Sentry or New Relic.
The Turnstile module is simple to use and understand. It is now fully compatible with Luma, but not yet with Hyvä (we work on it!). The module actually protects:
- Login on admin and frontend forms (with authentication popup and login in guest checkout)
- Reset password on admin and frontend forms
- Register form
- Contact form
- Product review form
- Send product to friend
We try to achieve the integration with less code as possible without too mush abstraction to simplify understanding.
composer require pixelopen/magento-cloudflare-turnstile
Get the module documentation on the module repository: Magento Cloudflare Turnstile
Avoid PHP error when module action class does not exist
Invalid response message updated
Send product to friend form protection
Fix review form persistence
Simpler way to add an action to validate
New data persistor interface
Admin "login" and "reset password" forms validation
Validation added on guest checkout login form
Widget size configuration
Fix API request on each page with authentication popup
Fix widget resetting on ajax call
Config path updated
CSP Whitelist added
Fix form validator when Turnstile is disabled
Fix review data persistor
Do not use deprecated inheritance in controllers
Module dependencies updated
First stable release