CORS problem https://challenges.cloudflare.com/turnstile/v0/siteverify

Hi. I try to fetch https://challenges.cloudflare.com/turnstile/v0/siteverify to verify captcha, but it’s return CORS error for my domain https://techfeedback.cc
How can I fix this or add CORS header on Cloudflare side?

2023-05-15_11-33-011900×130 36.7 KB

Have you allowlisted your domain on turnstile dashboard?
If not, then adding domain to allowlist might fix this.

You mean this? Domain added, yes

2023-05-15_12-53-07796×769 42.3 KB

Hi @affmario.12, are you calling that API from client-side JavaScript? Siteverify must be called from your backend, see Server-side validation · Cloudflare Turnstile docs.

Hi. Yes, I created Worker and route via instruction, and now get this response:

image841×47 3.2 KB

My worker code:

const SECRET_KEY = '<my-key>';

async function handlePost(request) {
	const body = await request.formData();
	const token = body.get('cf-turnstile-response');
	const ip = request.headers.get('CF-Connecting-IP');
	let formData = new FormData();
	formData.append('secret', SECRET_KEY);
	formData.append('response', token);
	formData.append('remoteip', ip);

	const url = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
	const result = await fetch(url, {
		body: formData,
		method: 'POST',
	});

	const outcome = await result.json();
	if (!outcome.success) {
        return new Response('The provided Turnstile token was not valid! \n' + JSON.stringify(outcome));
    }
    return new Response('Turnstile token successfuly validated. \n' + JSON.stringify(outcome));
}

export default {
    async fetch(request) {
        if (request.method === 'POST') {
            return await handlePost(request);
        }
        return new Response(body, {
            headers: {
                'Content-Type': 'text/html',
            },
        });
    },
};