How long are Cloudflare Turnstile tokens valid?

Turnstile tokens are single-use and expire 5 minutes (300 seconds) after generation. You must reset the widget if the user takes longer than 5 minutes to submit the form.

How do I validate a Turnstile token server-side?

You must perform a POST request to the Cloudflare Siteverify API (challenges.cloudflare.com/turnstile/v0/siteverify) including your secret key, the client token, and ideally the client's IP address.

What should I do if Turnstile fails to load in Chrome or Edge?

Error 106010 is a known first-load issue in Chromium browsers. This skill provides an error-callback pattern with auto-retry logic to handle these cases gracefully.

Does Turnstile support local development?

Yes, you can use dummy sitekeys provided by Cloudflare (e.g., 1x00000000000000000000AA) or add 'localhost' to your widget's hostname allowlist in the Cloudflare dashboard.

Is Cloudflare Turnstile accessible?

Yes, Turnstile is built to be WCAG 2.1 AA compliant and provides a non-interactive experience that is significantly more accessible than traditional image-based CAPTCHAs.

Cloudflare Turnstile Integration

Name: Cloudflare Turnstile Integration
Author: ma1orek

byma1orek

0•

安全与测试

Implements secure, privacy-focused bot protection and spam prevention using Cloudflare Turnstile.

This skill provides comprehensive guidance and implementation patterns for integrating Cloudflare Turnstile into web applications as a non-interactive, privacy-friendly CAPTCHA alternative. It streamlines the deployment of frontend widgets across React, Next.js, and Hono while enforcing mandatory server-side token validation via the Siteverify API. The skill is specifically engineered to prevent over 15 documented integration failures, including token expiration issues, Content Security Policy (CSP) blocking, and browser-specific rendering bugs like the Chrome/Edge first-load error.

主要功能

01Pre-configured CSP and environment variable security patterns

02Secure server-side validation templates for Node.js and Cloudflare Workers

03Integration support for E2E testing using dedicated dummy sitekeys

040 GitHub stars

05Standardized implementation for React, Next.js, Hono, and Vanilla JS

06Automated troubleshooting for 15+ common error codes (106010, 300*, 600*)

使用场景

01Migrating existing reCAPTCHA implementations to a privacy-preserving bot detection solution

02Protecting public forms and comment sections from spam without degrading user experience

03Securing authentication flows like login and signup from automated brute-force attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ma1orek/replay cloudflare-turnstile

For use in Claude.ai and ChatGPT

Download Skill