Remove the remoteip parameter for Turnstile

go-gitea · Feb 5, 2023 · 46aa739 · 46aa739
1 parent f178ef4
commit 46aa739
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 9 deletions.
diff --git a/modules/context/captcha.go b/modules/context/captcha.go
@@ -5,7 +5,6 @@ package context
 
 import (
 	"fmt"
-	"net"
 	"sync"
 
 	"code.gitea.io/gitea/modules/base"
@@ -78,12 +77,7 @@ func VerifyCaptcha(ctx *Context, tpl base.TplName, form interface{}) {
 	case setting.MCaptcha:
 		valid, err = mcaptcha.Verify(ctx, ctx.Req.Form.Get(mCaptchaResponseField))
 	case setting.CfTurnstile:
-		var ip string
-		ip, _, err = net.SplitHostPort(ctx.RemoteAddr())
-		if err != nil {
-			break
-		}
-		valid, err = turnstile.Verify(ctx, ctx.Req.Form.Get(cfTurnstileResponseField), ip)
+		valid, err = turnstile.Verify(ctx, ctx.Req.Form.Get(cfTurnstileResponseField))
 	default:
 		ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType))
 		return

diff --git a/modules/turnstile/turnstile.go b/modules/turnstile/turnstile.go
@@ -26,12 +26,11 @@ type Response struct {
 }
 
 // Verify calls Cloudflare Turnstile API to verify token
-func Verify(ctx context.Context, response, ip string) (bool, error) {
+func Verify(ctx context.Context, response string) (bool, error) {
 	// Cloudflare turnstile official access instruction address: https://developers.cloudflare.com/turnstile/get-started/server-side-validation/
 	post := url.Values{
 		"secret":   {setting.Service.CfTurnstileSecret},
 		"response": {response},
-		"remoteip": {ip},
 	}
 	// Basically a copy of http.PostForm, but with a context
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost,