debian-mirror-gitlab/doc/integration/recaptcha.md

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

50 lines
2 KiB
Markdown
Raw Normal View History

2021-01-29 00:20:46 +05:30
---
2023-03-17 16:20:25 +05:30
stage: Data Science
group: Anti-Abuse
2022-11-25 23:54:43 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
2021-01-29 00:20:46 +05:30
---
2021-11-18 22:05:49 +05:30
# reCAPTCHA **(FREE SELF)**
2023-04-23 21:23:45 +05:30
GitLab leverages [reCAPTCHA](https://www.google.com/recaptcha/about/)
to protect against spam and abuse. GitLab displays the CAPTCHA form on the sign-up page
to confirm that a real user, not a bot, is attempting to create an account.
## Configuration
2022-01-26 12:08:38 +05:30
To use reCAPTCHA, first create a site and private key.
2021-03-11 19:13:27 +05:30
1. Go to the [Google reCAPTCHA page](https://www.google.com/recaptcha/admin).
2022-01-26 12:08:38 +05:30
1. To get reCAPTCHA v2 keys, fill in the form and select **Submit**.
1. Sign in to your GitLab server as an administrator.
2022-10-11 01:57:18 +05:30
1. On the top bar, select **Main menu > Admin**.
2022-01-26 12:08:38 +05:30
1. On the left sidebar, select **Settings > Reporting** (`admin/application_settings/reporting`).
1. Expand **Spam and Anti-bot Protection**.
1. In the reCAPTCHA fields, enter the keys you obtained in the previous steps.
2021-11-11 11:23:49 +05:30
1. Select the **Enable reCAPTCHA** checkbox.
1. To enable reCAPTCHA for logins via password, select the **Enable reCAPTCHA for login** checkbox.
2022-01-26 12:08:38 +05:30
1. Select **Save changes**.
1. To short-circuit the spam check and trigger the response to return `recaptcha_html`:
1. Open `app/services/spam/spam_verdict_service.rb`.
1. Change the first line of the `#execute` method to `return CONDITIONAL_ALLOW`.
2020-07-28 23:09:34 +05:30
2021-02-22 17:27:13 +05:30
NOTE:
2021-03-11 19:13:27 +05:30
Make sure you are viewing an issuable in a project that is public. If you're working with an issue, the issue is public.
2018-11-08 19:23:39 +05:30
2021-11-11 11:23:49 +05:30
## Enable reCAPTCHA for user logins using the HTTP header
2018-11-08 19:23:39 +05:30
2021-11-11 11:23:49 +05:30
You can enable reCAPTCHA for user logins via password [in the user interface](#configuration)
or by setting the `X-GitLab-Show-Login-Captcha` HTTP header.
For example, in NGINX, this can be done via the `proxy_set_header`
2018-11-08 19:23:39 +05:30
configuration variable:
2020-04-22 19:07:51 +05:30
```nginx
2018-11-08 19:23:39 +05:30
proxy_set_header X-GitLab-Show-Login-Captcha 1;
```
2020-05-24 23:13:21 +05:30
In Omnibus GitLab, this can be configured via `/etc/gitlab/gitlab.rb`:
2018-11-08 19:23:39 +05:30
```ruby
2020-10-24 23:57:45 +05:30
nginx['proxy_set_headers'] = { 'X-GitLab-Show-Login-Captcha' => '1' }
2018-11-08 19:23:39 +05:30
```