Turnstile + SSL/TLS Custom Hostnames

While Cloudflare offers powerful features, hosting Turnstile widgets for custom domains using SSL/TLS custom hostnames poses challenges. This issue potentially compromises site and customer security.

Enterprise users have the flexibility to allow any domain by default, but budget constraints limit this option for many users already using SSL/TLS custom hostnames. It’s counterintuitive that a feature meant to enhance our service creates a security disadvantage due to additional hostname limitations in Turnstile.

My request is straightforward – I propose the automatic allowance of SSL/TLS custom hostnames on Turnstile for all users. This would ensure that users leveraging Turnstile and utilizing custom hostnames have access to the same level of protection, irrespective of their subscription tier.

The current limitations with Turnstile’s handling of custom/additional hostnames impact our ability to provide a secure and efficient service to our clients, and I believe addressing this issue would greatly enhance the user experience for a significant portion of the Cloudflare community.

Something must be clear: SSL/TLS custom hostnames should not be treated in the same way as additional domains for Turnstile. Additional domains allows you to host the Turnstile widget on multiple sites (limited to 10 domains), while SSL/TLS custom hostnames are just aliases for creating vanity domains and allow third-parties to create custom CNAMEs pointing to the same site (which currently, also need to be manually added to the allowed domains, and the same 10 domain limit affects).

This problem prevents the widget from rendering on the same site for customers using a custom CNAME (SSL/TLS custom hostnames, which are aliases), creating a security disadvantage for those seeking customization and now have to decide if continue using Turnstile, or use a different approach like hCaptcha on custom hostnames.

I request your support to bring attention to this feature request. If you share similar concerns or see value in this enhancement, expressing your interest and contributing to the discussion would be greatly appreciated.

6 Likes