2021-01-29 00:20:46 +05:30
---
2021-02-22 17:27:13 +05:30
stage: Create
group: Ecosystem
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2021-01-29 00:20:46 +05:30
---
2021-04-17 20:07:23 +05:30
# reCAPTCHA **(FREE)**
2016-01-14 18:37:52 +05:30
2020-10-24 23:57:45 +05:30
GitLab leverages [Google's reCAPTCHA ](https://www.google.com/recaptcha/about/ )
2016-01-14 18:37:52 +05:30
to protect against spam and abuse. GitLab displays the CAPTCHA form on the sign-up page
to confirm that a real user, not a bot, is attempting to create an account.
## Configuration
To use reCAPTCHA, first you must create a site and private key.
2021-03-11 19:13:27 +05:30
1. Go to the [Google reCAPTCHA page ](https://www.google.com/recaptcha/admin ).
2019-02-15 15:39:39 +05:30
1. Fill out the form necessary to obtain reCAPTCHA v2 keys.
1. Log in to your GitLab server, with administrator credentials.
1. Go to Reporting Applications Settings in the Admin Area (`admin/application_settings/reporting`).
2019-12-21 20:55:43 +05:30
1. Fill all reCAPTCHA fields with keys from previous steps.
2019-02-15 15:39:39 +05:30
1. Check the `Enable reCAPTCHA` checkbox.
1. Save the configuration.
2020-07-28 23:09:34 +05:30
1. Change the first line of the `#execute` method in `app/services/spam/spam_verdict_service.rb`
to `return CONDITONAL_ALLOW` so that the spam check short-circuits and triggers the response to
return `recaptcha_html` .
2021-02-22 17:27:13 +05:30
NOTE:
2021-03-11 19:13:27 +05:30
Make sure you are viewing an issuable in a project that is public. If you're working with an issue, the issue is public.
2018-11-08 19:23:39 +05:30
## Enabling reCAPTCHA for user logins via passwords
By default, reCAPTCHA is only enabled for user registrations. To enable it for
user logins via passwords, the `X-GitLab-Show-Login-Captcha` HTTP header must
be set. For example, in NGINX, this can be done via the `proxy_set_header`
configuration variable:
2020-04-22 19:07:51 +05:30
```nginx
2018-11-08 19:23:39 +05:30
proxy_set_header X-GitLab-Show-Login-Captcha 1;
```
2020-05-24 23:13:21 +05:30
In Omnibus GitLab, this can be configured via `/etc/gitlab/gitlab.rb` :
2018-11-08 19:23:39 +05:30
```ruby
2020-10-24 23:57:45 +05:30
nginx['proxy_set_headers'] = { 'X-GitLab-Show-Login-Captcha' => '1' }
2018-11-08 19:23:39 +05:30
```