Hey CF team, Turnstile seems to be impacting the Google OAuth pop-up here.
The page refreshes once users click on the "Sign in with Google" button. It works without problems when running Firebase AppCheck with Recaptcha.
I get these errors:
• “[Cloudflare Turnstile] Nothing to reset found for provided container.”
• “Firebase: Error (auth/popup-blocked).”
10 Replies
What is the next step to troubleshoot users encountering Uncaught TurnstileError: [Cloudflare Turnstile] Error: 600010? Tried private mode, cleared cache and cookies, and disabled extensions.
Can you modify the Passing Threshold?
Like you can on hcaptcha
Sad
Makes me prefer hCaptcha over turnstile
for turnstile: does the invisible challenge become visible and display an interactive challenge... or is the invisible challenge solely just "visible" and "invisible"?
at least it's not that ROBLOX CAPTCHA ("Impossible" Orbit CAPTCHA), where you have to do this 10 times in a row; if there's connection interference it can take over a hundred times in a row
Cloudflare Turnstile uses recent activities to detect human/robot activity, and humans can pass this with one click (even with a keyboard mouse for people who do not have a mouse).
how to add this site.
Hello everyone, I've been using reCAPTCHA v2 for the past year or so, but recently I wanted to check out Cloudflare's Turnstile... After reading a bit I found out that Cloudflare's Turnstile is not very good, but I feared that this might be fake news, so I want to ask you: how good is Turnstile against bots (more specifically on mobile apps)?
I'm getting an invalid-input-secret when attempting to validate a token with the 1x0000000000000000000000000000000AA test secret and a token from the client. I've broken it down to be able to reproduce with a curl command:
where my-token-here is replaced with the actual token, which I got from the turnstile client component. It's expired at the very least, and could be invalid in other ways – but why am I getting invalid-input-secret error message, when that's definitely not the problem, especially when using the test key that should make the token always pass?
I can share the actual token too if it's helpful; I've omitted it to keep things readable.
Is that a recent change? I believe it was working with any key when I first implemented it. It would be nice if it worked with any response, but if that's not an option, at least having a more logical error message would be helpful.
It broke the way we bypass turnstile for our automated tests
If we're using a testing key with the API, why would the value of the response matter?
I see. In our case the use of the testing key is intentional. Could a new error message be created like hey-you're-using-a-test-key-with-a-real-response for this instead?
It would have saved me a lot of debugging time, and I doubt I'm the only one who's run into this