-
-
Notifications
You must be signed in to change notification settings - Fork 958
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restrict contact form to signed in users #9353
Comments
If you are using LOGIN_REQUIRED, you can remove the contact URL from LOGIN_REQUIRED_URLS_EXCEPTIONS. |
We're not using REQUIRE_LOGIN currently as we prefer the process overall to be transparent and visible - but allowing anonymous users to send email is just a recipe for spam. It would be great to be able to lock down that feature selectively. I suppose we could allow-list every other path manually, but that seems a bit cumbersome in comparison. |
The contact form is open intentionally – it is linked from the page in case the user has trouble registering. There should be some way such user can get in touch... |
This issue has been automatically marked as stale because there wasn’t any recent activity. It will be closed soon if no further action occurs. Thank you for your contributions! |
Hello. |
You need to include other URLs from the default settings, so that at least login page works. |
I want to disable Weblate contact form in general. |
I've added example to the documentation: b5ca320 |
Thank you for your report; the issue you have reported has just been fixed.
|
Thank you. |
Describe the problem
The "contact your admin" form on our Weblate instance is starting to attract spam from crawlers.
Describe the solution you'd like
It would be good to restrict it to signed in users to mitigate spam.
Describe alternatives you've considered
CAPTCHA is already enabled but CAPTCHAs are increasingly useless.
Screenshots
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: