Using friendly-challenge in chat-style applications

FriendlyCaptcha / friendly-challenge

The widget and docs for the proof of work challenge used in Friendly Captcha. Protect your websites and online services from spam and abuse with Friendly Captcha, a privacy-first anti-bot solution.

https://friendlycaptcha.com

MIT License

412 stars 59 forks source link

Using friendly-challenge in chat-style applications #249

Closed straussmarkus closed 8 months ago

straussmarkus commented 8 months ago

Is it possible to use friendly-challenge in a chat-style application in a way that I don't need to show the widget before submitting every single chat message? Looking to move from Google ReCaptcha v3 invisible validation.

Reading through the docs, it looks like this is currently not possible.

merlinfuchs commented 8 months ago

Hello, you can use our JavaScript API to create and start invisible widgets:

const element = document.createElement("div"); // Create an element that is not part of the DOM
const myCustomWidget = new friendlyChallenge.WidgetInstance(element, {
   doneCallback: (solution) => {
      // Captcha is done solving, send the message and submit solution to server
   },
})

function onMessageSend() {
   myCustomWidget.reset();
   myCustomWidget.start();
}

Keep in mind that you should still inform your users that FriendlyCaptcha is used. It will take a while for the Captcha to solve so it probably makes sense to show some kind of progress anyway

gzuidhof commented 8 months ago

If you're looking at validating messages really often in short intervals (e.g. direct chat), what can work is handing out a token from your server that is either valid for the future X (minutes?) or can be used to send Y messages.

There is no real mechanism to do this without writing some code yourself - it really depends on your usecase and security requirements.