reCAPTCHA
Blockscout currently supports reCAPTCHA v2 in invisible mode. Previous frontend versions (v1.36.x) support v3, but moving forward we will only support v2.
reCAPTCHA from Google is a free service (with certain usage limits) designed to protect your site from spam and bots. It can be used in Blockscout to prevent bot activity related to CSV downloads and account validation. reCAPTCHA is turned on by default, but can be disabled by setting RE_CAPTCHA_DISABLED
to true.
Obtain your keys
1) To use reCAPTCHA you will need a SITE KEY and SECRET KEY
Go to https://www.google.com/recaptcha/admin/create, login to Google with an existing account, and fill in the following info:
Label: Private label to identify the instance in your reCAPTCHA admin dashboard.
reCAPTCHA type: Select Challenge (v2) and Invisible reCAPTCHA badge
Domains: Enter your primary Blockscout domain, all associated subdomains will be covered. You can enter multiple domains, and also localhost for testing if needed.
Submit

2) Copy your keys and use them with the following ENV variables to enable reCAPTCHA.
RE_CAPTCHA_SECRET_KEY
SECRET KEY
NEXT_PUBLIC_RE_CAPTCHA_APP_SITE_KEY
SITE KEY

3) Add the keys to ENV variables to your .env file or at runtime for the backend and frontend containers. Backend container:
$ export RE_CAPTCHA_SECRET_KEY=6Le...Qdo
Frontend container:
$ export NEXT_PUBLIC_RE_CAPTCHA_APP_SITE_KEY=6L...IU
Additional reCAPTCHA ENV info
Backend reCAPTCHA ENVs are located in the Backend ENVs: Common page in the CSV exports section.
Frontend reCAPTCHA ENVs are located on the Frontend ENVs: Common -> ENVs page in the External Services section.
Disable reCAPTCHA by setting
RE_CAPTCHA_DISABLED
to trueDisable checking reCAPTCHA domain names by setting
RE_CAPTCHA_CHECK_HOSTNAME
to false. This will bypass checking the hostname info added during reCAPTCHA setup in Google. More info on domains.
Last updated
Was this helpful?