^^following for a similar issue. i'm also using sveltekit. when i submit my form, i'm returning a 40

Ffobtac ^^following for a similar issue. i'm also using sveltekit. when i submit my form...

I

Isaac McFadyen•5/3/24, 10:09 PM

?PAT-401 you don't need to worry about the 401 error

F

Flare•5/3/24, 10:09 PM

Seeing a 401 error in your console during a Turnstile security check?
You can safely ignore the error, it's requesting a PAT but your device/browser does not support PATs yet, so you see the error.
Learn more: https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/

I

Isaac McFadyen•5/3/24, 10:09 PM

If Turnstile isn't working then it's seperate from the 401 error, you can ignore that

I

Isaac McFadyen•5/3/24, 10:10 PM

Can you provide more details about what in the form is failing? Is /siteverify not working? Is the widget not rendering? Something else?

IIsaac McFadyen Can you provide more details about what in the form is failing? Is /siteverify n...

F

fobtacOP•5/3/24, 10:48 PM

thank you for the reply! so the form was working before i tried adding the verification. the widget rendered, and showed the green check for successful verification. when i would click submit, the form would submit and forward the data entered to my email, which was the goal of the form. so the turnstile widget was there, but wasn't actually verifying with cloudflare. unfortunately when i tried to set up the server side verification, i started seeing the error. that's definitely good to know the 401 isn't important though. but now after setting up the verification, for some reason when i click submit on my form, the page refreshes but does not show a successful form submit (and i don't receive the usual email.) and checking the console is only showing me that 401. again when i remove the turnstile verification the form submits as it's supposed to. so now i'm wondering if it is more an issue with how i have my code set up. i'm also wondering if i haven't put my secret key in the right place, as i haven't found a concrete way of implementing it with the way i had my code set up previously.

Ffobtac thank you for the reply! so the form was working before i tried adding the verif...

I

Isaac McFadyen•5/3/24, 10:51 PM

It's likely that it's related to /siteverify then. You might be able to try hardcoding the secret key in temporarily and then once you know it works, using environment variables or however you've done it now.

I

Isaac McFadyen•5/3/24, 10:51 PM

Odd that the page is being refreshed if /siteverify is giving an error though.

SSebastian why does `turnstile.reset` create a new browser history entry?

S

Sebastian•5/5/24, 6:37 AM

can anyone help with this?

U

Uday_M•5/6/24, 10:39 AM

#

turnstile does there any want i provide script tag for chatbot and any buddy can add to there website and for that i want to use turnstile captch can one captch work or if my script tag use over 100 website it conside one or 100 or does it not possible

Bbewo we are tracking that issue internally though, i cannot provide an ETA though.

S

Sebastian•5/6/24, 8:53 PM

okay thanks, just wanted confirmation that cloudflare was aware of the issue

B

Bakri•5/7/24, 7:53 AM

hi guys

B

Bakri•5/7/24, 7:54 AM

I have invisible turnstile captcha on the login page, but sometimes when the user login the captcha is not yet completed

IIsaac McFadyen Odd that the page is being refreshed if /siteverify is giving an error though.

F

fobtacOP•5/12/24, 9:27 PM

sorry for the late reply, it turned out it was an error in my pre existing code. i was able to tweak it a bit and get it working. thanks again!

AAmby i wish there was an ESM module version of `https://challenges.cloudflare.com/tur...

K

Kasumi•5/14/24, 5:20 AM

Uhhh that's I guess not how such things work.

Original message was deleted

K

Kasumi•5/14/24, 11:54 AM

I agree with it

J

Jiten•5/15/24, 2:37 PM

Hello @cf-Benedikt , Would you mind kindly addressing the ongoing issue ( https://community.cloudflare.com/t/repeated-cloudflare-turnstile-error-600010/644578) regarding the repeated instances of Cloudflare error 600010 ? It's quite frustrating as the challenge seems to be failing for human users rather than automated ones.

CC: @Helpflare

Bbewo hey, we're looking into it, but its actually an umbrella error code for various ...

J

Jiten•5/15/24, 4:23 PM

Thanks for a quick reply @cf-Benedikt , It would be incredibly beneficial if we could offer meaningful feedback to the client side when such errors occur. Could you please advise on where to obtain the .har file?

S

Seph•5/17/24, 11:25 AM

im trying to verfiey that um human on nexus mods but when i do it says faliur

L

Leyton•5/17/24, 12:38 PM

The billing page for Turnstile (https://www.cloudflare.com/en-gb/products/turnstile/) lists that Turnstile Free is "Interactivity modes: Managed mode only" with "Volume: Unlimited".

Given that the dashboard allows creation of invisible and non-interactive widget types for free accounts; is there any documentation or confirmation around limits for these widget types on the free plan?

L

Leyton•5/17/24, 5:52 PM

Thanks @Leo, appreciated - is this documented anywhere? I know it was in the docs before but has since been removed. Also, and idea on the “non interactive” mode?

L

Leyton•5/17/24, 9:15 PM

Yes, and at the time of that blog post, the documentation reflected the same - but has since been removed and replaced with a link to the pricing page that is more ambiguous.

Bbewo hey, we're looking into it, but its actually an umbrella error code for various ...

D

Dudu•5/18/24, 9:32 PM

Any update on the 600010 loop error?

V

Vriken•5/20/24, 3:25 PM

Sorry for the super long post, and hello!

I recently replaced reCAPTCHA with Turnstile for one of my clients via Google Tag Manager. I'm looking for confirmation on whether I've implemented it correctly. The initial results seem a bit off, though it has only been running for about 30 minutes.

Additionally, is there a way to get similar results to what reCAPTCHA provides, such as an "answer" indicating if the request succeeded and a "score" to determine if the challenge was solved?

Here is the code running on Cloud Run:

const express = require('express');
const fetch = require('node-fetch');
const FormData = require('form-data');

const app = express();
app.use(express.urlencoded({ extended: true }));

const secretKeys = {
  'www.a.se': process.env.SECRET_KEY_a,
  'www.b.se': process.env.SECRET_KEY_b,
  'www.c.se' : process.env.SECRET_KEY_c
};

async function handlePost(request, response) {
    const token = request.body['cf-turnstile-response'];
    const ip = request.headers['cf-connecting-ip'];
    const referer = request.headers['referer'];
    const hostname = new URL(referer).hostname;
    const secret = secretKeys[hostname];

    if (!token) {
        return response.status(401).send('Missing Turnstile token');
    }

    if (!secret) {
        return response.status(401).send('Invalid hostname');
    }

    const formData = new FormData();
    formData.append('secret', secret);
    formData.append('response', token);
    formData.append('remoteip', ip);

    const result = await fetch('https://challenges.cloudflare.com/turnstile/v0/siteverify', {
        body: formData,
        method: 'POST',
    });

    const outcome = await result.json();
    if (!outcome.success) {
        return response.status(401).send('The provided Turnstile token was not valid! \n' + JSON.stringify(outcome));
    }

    response.send('Turnstile token successfully validated. \n' + JSON.stringify(outcome));
}

app.post('/', handlePost);

const port = process.env.PORT || 8080;
app.listen(port, () => console.log(`App listening on port ${port}!`));

const express = require('express');
const fetch = require('node-fetch');
const FormData = require('form-data');

const app = express();
app.use(express.urlencoded({ extended: true }));

const secretKeys = {
  'www.a.se': process.env.SECRET_KEY_a,
  'www.b.se': process.env.SECRET_KEY_b,
  'www.c.se' : process.env.SECRET_KEY_c
};

async function handlePost(request, response) {
    const token = request.body['cf-turnstile-response'];
    const ip = request.headers['cf-connecting-ip'];
    const referer = request.headers['referer'];
    const hostname = new URL(referer).hostname;
    const secret = secretKeys[hostname];

    if (!token) {
        return response.status(401).send('Missing Turnstile token');
    }

    if (!secret) {
        return response.status(401).send('Invalid hostname');
    }

    const formData = new FormData();
    formData.append('secret', secret);
    formData.append('response', token);
    formData.append('remoteip', ip);

    const result = await fetch('https://challenges.cloudflare.com/turnstile/v0/siteverify', {
        body: formData,
        method: 'POST',
    });

    const outcome = await result.json();
    if (!outcome.success) {
        return response.status(401).send('The provided Turnstile token was not valid! \n' + JSON.stringify(outcome));
    }

    response.send('Turnstile token successfully validated. \n' + JSON.stringify(outcome));
}

app.post('/', handlePost);

const port = process.env.PORT || 8080;
app.listen(port, () => console.log(`App listening on port ${port}!`));

const express = require('express');
const fetch = require('node-fetch');
const FormData = require('form-data');

const app = express();
app.use(express.urlencoded({ extended: true }));

const secretKeys = {
  'www.a.se': process.env.SECRET_KEY_a,
  'www.b.se': process.env.SECRET_KEY_b,
  'www.c.se' : process.env.SECRET_KEY_c
};

async function handlePost(request, response) {
    const token = request.body['cf-turnstile-response'];
    const ip = request.headers['cf-connecting-ip'];
    const referer = request.headers['referer'];
    const hostname = new URL(referer).hostname;
    const secret = secretKeys[hostname];

    if (!token) {
        return response.status(401).send('Missing Turnstile token');
    }

    if (!secret) {
        return response.status(401).send('Invalid hostname');
    }

    const formData = new FormData();
    formData.append('secret', secret);
    formData.append('response', token);
    formData.append('remoteip', ip);

    const result = await fetch('https://challenges.cloudflare.com/turnstile/v0/siteverify', {
        body: formData,
        method: 'POST',
    });

    const outcome = await result.json();
    if (!outcome.success) {
        return response.status(401).send('The provided Turnstile token was not valid! \n' + JSON.stringify(outcome));
    }

    response.send('Turnstile token successfully validated. \n' + JSON.stringify(outcome));
}

app.post('/', handlePost);

const port = process.env.PORT || 8080;
app.listen(port, () => console.log(`App listening on port ${port}!`));

const express = require('express');
const fetch = require('node-fetch');
const FormData = require('form-data');

const app = express();
app.use(express.urlencoded({ extended: true }));

const secretKeys = {
  'www.a.se': process.env.SECRET_KEY_a,
  'www.b.se': process.env.SECRET_KEY_b,
  'www.c.se' : process.env.SECRET_KEY_c
};

async function handlePost(request, response) {
    const token = request.body['cf-turnstile-response'];
    const ip = request.headers['cf-connecting-ip'];
    const referer = request.headers['referer'];
    const hostname = new URL(referer).hostname;
    const secret = secretKeys[hostname];

    if (!token) {
        return response.status(401).send('Missing Turnstile token');
    }

    if (!secret) {
        return response.status(401).send('Invalid hostname');
    }

    const formData = new FormData();
    formData.append('secret', secret);
    formData.append('response', token);
    formData.append('remoteip', ip);

    const result = await fetch('https://challenges.cloudflare.com/turnstile/v0/siteverify', {
        body: formData,
        method: 'POST',
    });

    const outcome = await result.json();
    if (!outcome.success) {
        return response.status(401).send('The provided Turnstile token was not valid! \n' + JSON.stringify(outcome));
    }

    response.send('Turnstile token successfully validated. \n' + JSON.stringify(outcome));
}

app.post('/', handlePost);

const port = process.env.PORT || 8080;
app.listen(port, () => console.log(`App listening on port ${port}!`));

And the Google Tag Manager tag:

<script>
    window.onloadTurnstileCallback = function () {
        var widgetId = turnstile.render('#turnstile-container', {
            sitekey: 'sitekey',
            callback: function(token) {
                var xhr = new XMLHttpRequest();
                xhr.open('POST', 'https://turnstile.app', true);
                xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
                xhr.setRequestHeader('cf-turnstile-response', token);
                xhr.setRequestHeader('Referer', '{{Page URL}}');
                xhr.send('cf-turnstile-response=' + encodeURIComponent(token));
            }
        });
    };
</script>
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback" defer></script>
<div id="turnstile-container"></div>

<script>
    window.onloadTurnstileCallback = function () {
        var widgetId = turnstile.render('#turnstile-container', {
            sitekey: 'sitekey',
            callback: function(token) {
                var xhr = new XMLHttpRequest();
                xhr.open('POST', 'https://turnstile.app', true);
                xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
                xhr.setRequestHeader('cf-turnstile-response', token);
                xhr.setRequestHeader('Referer', '{{Page URL}}');
                xhr.send('cf-turnstile-response=' + encodeURIComponent(token));
            }
        });
    };
</script>
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback" defer></script>
<div id="turnstile-container"></div>

<script>
    window.onloadTurnstileCallback = function () {
        var widgetId = turnstile.render('#turnstile-container', {
            sitekey: 'sitekey',
            callback: function(token) {
                var xhr = new XMLHttpRequest();
                xhr.open('POST', 'https://turnstile.app', true);
                xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
                xhr.setRequestHeader('cf-turnstile-response', token);
                xhr.setRequestHeader('Referer', '{{Page URL}}');
                xhr.send('cf-turnstile-response=' + encodeURIComponent(token));
            }
        });
    };
</script>
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback" defer></script>
<div id="turnstile-container"></div>

<script>
    window.onloadTurnstileCallback = function () {
        var widgetId = turnstile.render('#turnstile-container', {
            sitekey: 'sitekey',
            callback: function(token) {
                var xhr = new XMLHttpRequest();
                xhr.open('POST', 'https://turnstile.app', true);
                xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
                xhr.setRequestHeader('cf-turnstile-response', token);
                xhr.setRequestHeader('Referer', '{{Page URL}}');
                xhr.send('cf-turnstile-response=' + encodeURIComponent(token));
            }
        });
    };
</script>
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback" defer></script>
<div id="turnstile-container"></div>

Thank you for the help! :pepeHeartsInChat:

D

Dao•5/21/24, 10:20 AM

Hello, I was told to post my issue here: general-help600010 error in turnstile

Thanks for any help!

D

Dao•5/21/24, 10:27 AM

Also posting my stats

D

Dao•5/21/24, 10:27 AM

P

Pc Principal•5/22/24, 5:57 AM

Is it possible to change the looks of the turnstyle ?

PPc Principal Is it possible to change the looks of the turnstyle ?

H

Hello, I’m Allie!•5/22/24, 6:59 AM

Enterprise Customers can remove the Cloudflare Branding IIRC, but that is it

Original message was deleted

L

Leyton•5/22/24, 9:03 AM

Thanks @Sloth and @Leo for your help - I've also had an answer from Cloudflare support (

3265141

3265141), which is a little more detailed:

Thanks for coming back to Cloudflare Support.

> Is it the case that non-interactive and invisible are currently being offered for free, but will soon be charged for?

This is correct, but things are going to be slightly changed with self-serve pricing but all the existing customers will be grandfathered in to the legacy subscription and will be able to keep whatever is offered to them now.

The team will look into updating the pricing matrix asap.

I'm not able to provide further information regarding the pricing.

Thanks for coming back to Cloudflare Support.

> Is it the case that non-interactive and invisible are currently being offered for free, but will soon be charged for?

This is correct, but things are going to be slightly changed with self-serve pricing but all the existing customers will be grandfathered in to the legacy subscription and will be able to keep whatever is offered to them now.

The team will look into updating the pricing matrix asap.

I'm not able to provide further information regarding the pricing.

Thanks for coming back to Cloudflare Support.

> Is it the case that non-interactive and invisible are currently being offered for free, but will soon be charged for?

This is correct, but things are going to be slightly changed with self-serve pricing but all the existing customers will be grandfathered in to the legacy subscription and will be able to keep whatever is offered to them now.

The team will look into updating the pricing matrix asap.

I'm not able to provide further information regarding the pricing.

Thanks for coming back to Cloudflare Support.

> Is it the case that non-interactive and invisible are currently being offered for free, but will soon be charged for?

This is correct, but things are going to be slightly changed with self-serve pricing but all the existing customers will be grandfathered in to the legacy subscription and will be able to keep whatever is offered to them now.

The team will look into updating the pricing matrix asap.

I'm not able to provide further information regarding the pricing.

L

Leyton•5/22/24, 9:14 AM

Great point - in a previous reply, I was pointed to the pricing table highlighting the word "unlimited"; but the pricing table only currently covers the managed mode.
I'll reply to the ticket and see if I can get a clear answer on what they intend to grandfather in terms of limits to

siteverify

siteverify

siteverify

siteverify on the non-interactive and invisible modes.

G

ganey•5/22/24, 1:16 PM

We're getting a higher level of errors than normal back from turnstile, response is: {"error":"internal_error"}

Users are seeing code 600010

Anyone else experiencing issues?

Gganey We're getting a higher level of errors than normal back from turnstile, response...

D

Dao•5/23/24, 9:33 AM

Almost everyone here in this channel is experiencing that issue, but it is all "wait for a reply, the turnstile team is active in here", but never any actual reply. Just use another captcha

G

ganey•5/23/24, 9:34 AM

Looks like we'll have to complain somewhere more public like twitter instead..

Gganey Looks like we'll have to complain somewhere more public like twitter instead..

D

Dao•5/23/24, 9:35 AM

That is a good idea, if you have more reach do it for all of us please so the issue is actually fixed!

D

Dao•5/23/24, 9:36 AM

I unfortunately have very little for that

Original message was deleted

L

Leyton•5/23/24, 11:31 AM

Well, got a reply with a flat-out refusal to confirm anything else around the current limitations for Turnstile:

As mentioned in my last reply, then I'm not able to provide any further information related to the pricing.
The document related to the pricing matrix will be updated.

Bbewo we are aware of the 600010 issues and currently trying to find a deterministic r...

D

Dao•5/23/24, 2:20 PM

I can provide you one in DM if you want

G

ganey•5/23/24, 4:01 PM

Firefox tends to error more frequently

P

Pc Principal•5/24/24, 6:17 PM

does anyone know how to fix this

The resource https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/thCBy90zqmBonn2dYlU%2FD%2BMzVlbuUEXEmRt0jJlmUpg%3D was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

The resource https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/thCBy90zqmBonn2dYlU%2FD%2BMzVlbuUEXEmRt0jJlmUpg%3D was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

The resource https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/thCBy90zqmBonn2dYlU%2FD%2BMzVlbuUEXEmRt0jJlmUpg%3D was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

The resource https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/thCBy90zqmBonn2dYlU%2FD%2BMzVlbuUEXEmRt0jJlmUpg%3D was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

P

Pc Principal•5/24/24, 6:18 PM

I want my console clean

P

Pc Principal•5/24/24, 6:20 PM

What about

Third-party cookie will be blocked. Learn more in the Issues tab.

Third-party cookie will be blocked. Learn more in the Issues tab.

Third-party cookie will be blocked. Learn more in the Issues tab.

Third-party cookie will be blocked. Learn more in the Issues tab.

P

Pc Principal•5/24/24, 6:23 PM

Nevermind I see that's also intended from trunstyle

Bbewo we are aware of the 600010 issues and currently trying to find a deterministic r...

I

ItsWendell•5/25/24, 11:57 PM

I was just stuck trying to get this fixed in Chrome on localhost, meanwhile it works fine in Firefox for me on Linux.

Edit: I just learned that this was due to me having Chrome Dev Tools open with e.g. an iPhone device mock open that causes the widget to fail, probably due to user-agent not matching

M

moritz•5/28/24, 1:31 PM

I got a chatbot which is hosted with an iframe on different sites. Is it possible to integrate the turnstile captcha into my iframe to protect it?

^^following for a similar issue. i'm also using sveltekit. when i submit my form, i'm returning a 40

Similar Threads