Prevent robots
Release v0.2.0 adds a configuration option that prevents robots from following magic links. The primary purpose of this new feature is to prevent email security products, like "Safe Links" in Microsoft Defender for Office 365, from consuming one-time magic links.
In order to prevent robots, an HTML page is rendered with reCAPTCHA v3. The page automatically redirects on load. It may be briefly visible to the user. In the event that reCAPTCHA v3 verification fails or the user's web browser will not run JavaScript, there is a non-default server configuration option to enable a "button bypass", which is an HTML form that will perform an HTTP redirect without JavaScript. It is possible, but unlikely, that a security product could submit this form when detonating a magic link. It is recommended to turn the "button bypass" on when blocking robots with reCAPTCHA v3.
The server's default behavior is still a direct HTTP redirect and this change should be backwards compatible.
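The sketch below is an added example, not the project's own code: it shows why an interstitial keeps a link scanner's GET from consuming a one-time link, and how a "button bypass" setting changes what a form POST without a token may do. The names `gate`, `decide` and `newGate`, the form fields `secret` and `token`, the sample link and the token value are all assumptions, and `verify` stands in for the server-side reCAPTCHA v3 check.

```go
package main

import (
	"fmt"
	"html"
	"net/http"
	"sync"
)

// gate guards one-time links. verify stands in for the reCAPTCHA v3 check (assumption).
type gate struct {
	links        sync.Map // secret -> redirect target
	verify       func(token string) bool
	buttonBypass bool // accept the plain form POST that carries no token
}

// decide returns the HTTP status and, when the link is consumed, its target.
func (g *gate) decide(method, secret, token string) (int, string) {
	switch {
	case method != http.MethodPost: // a scanner's GET gets the page, consumes nothing
		return http.StatusOK, ""
	case token == "" && !g.buttonBypass, token != "" && !g.verify(token):
		return http.StatusForbidden, ""
	}
	target, ok := g.links.LoadAndDelete(secret) // atomic, so a replay cannot win a race
	if !ok {
		return http.StatusNotFound, ""
	}
	return http.StatusSeeOther, target.(string)
}

func (g *gate) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	secret := r.FormValue("secret")
	code, target := g.decide(r.Method, secret, r.PostFormValue("token"))
	if code == http.StatusSeeOther {
		http.Redirect(w, r, target, code)
	} else if code == http.StatusOK { // the "button bypass" form; works without JavaScript
		fmt.Fprintf(w, `<form method="POST"><input type="hidden" name="secret" value="%s"><button>Continue</button></form>`, html.EscapeString(secret))
	} else {
		http.Error(w, http.StatusText(code), code)
	}
}

func newGate(bypass bool) *gate { // one constructed link; only the token "human" verifies
	g := &gate{verify: func(t string) bool { return t == "human" }, buttonBypass: bypass}
	g.links.Store("s3cr3t", "https://app.example/welcome")
	return g
}

func main() { _ = http.ListenAndServe("127.0.0.1:8080", newGate(true)) }
```

With the bypass off, only a POST carrying a token that verifies consumes the link; with it on, the tokenless form POST also works, which is the residual risk described above if a security product submits the form.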
Please see the updated docs site for information on how to configure your instance.
For implementation details, please see this comment on the pull request.
Here are the renderings of the HTML pages used for redirection. These pages should only show for a brief moment, then automatically redirect.
Relevant issues:
Relevant pull requests: