Adding Cloudflare Turnstile to quickstart.

Can you post a link to the solution you used from Cloudflare?

Sure, no problem. I have been offline for the last 2 days.
1. CloudFlare turnstile – here it generates Api key to connect to my wordpress.
2. The place where CF automatically attached the script itself. I turned it off. Manually adding the code from here meant that the CSP policy did not completely block the operation (by the way, the analytics was compatible with GPDR). CF Turnstile is an alternative solution to Google recaptcha.

Let me know if it is possible to support Cloudflare from your plugin ??

And, do you have a link to the page where you’re trying to use this?

@jonkastonka I use Cloudflare Turnstile on the contact page: https://horbaczewski.info/test/
and with comments below the post: https://horbaczewski.info/contact-form/

Sorry for the late replies but only now I noticed that the messages were going to the spam folder in my mailbox

I just took a look at the console and nothing is blocked by CSP on those pages, so I can’t see that anything is not working.

@jonkastonka I DIDN’T create this topic because of some problems. Your plugin is great – thank you, I’m happy to use it. Everything WORKS, you just have to follow the steps I wrote about in the posts above.
When creating this topic, I asked you: Can you (plan to) add “Cloudflare Turnstile” in your plugin settings -> “quickstart” tab?
I think that if your plugin natively supported Cloudflare Turnstile in quickstart tab like it does for Google reCAPTCHA, it would be nice (you wouldn’t have to follow so many steps: on your website and in cloudflare). I hope you understand the reason for this topic. Let me know what you think ??

Ok, got it!

What domains did you add to which sections to make it work?

Always Allow (I’m not sure that the always allow section is the right place)
Scripts & Images & frames:

https://*.cloudflareinsights.com
https://challenges.cloudflare.com
https://static.cloudflareinsights.com

and

<script defer src='https://static.cloudflareinsights.com/beacon.min.js' data-cf-beacon='{"token": "123123..."}'></script>

in footer.php (cloudflare generates a different token for each account (user) – that’s why I gave “123…”)

https://static.cloudflareinsights.com is allowed through https://*.cloudflareinsights.com, so that is not needed. But I’d add https://cloudflareinsights.com too. So my suggestion would be:

https://cloudflareinsights.com
https://*.cloudflareinsights.com
https://challenges.cloudflare.com

And the script would be something that would be added in the theme or customizer.

I’ll add this to the Quickstart. Thanks for the info!

Thank You for Your advice and time ??
– I’ve already corrected the entry in the domains tab.
– The script was automatically added by cloudflare and had problems with Turnstile in Firefox Incognito mode (by default, it is always enabled: “Enhanced Tracking Protection“). If the user doesn’t disable automatic loading of scripts in the cloudflare settings, then “Enhanced Tracking Protection” will cause “Turnstile” not to be enabled. I suggest that You add information about this in the settings page Your plugin (look, I sent a screenshot of the cloudflare settings in the message above) and add a field where the user can enter the content of the script (they won’t have to manually edit the .php file like footer.php). I’m not writing this because I’m lazy, but I know that it will give You peace from users questions who won’t know about it.

I can’t wait for the new version of Your plugin with support for Cloudflare Turnstile ??