From 682e280c7fc978bca6f55ea9280a92d865af7eac Mon Sep 17 00:00:00 2001 From: Patricia Loraine Santa Ana Date: Wed, 29 Jan 2025 13:27:34 -0800 Subject: [PATCH 1/2] first edits --- src/content/docs/turnstile/concepts/ephemeral-id.mdx | 2 +- src/content/docs/turnstile/concepts/hostname-management.mdx | 2 +- .../docs/turnstile/get-started/client-side-rendering.mdx | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/content/docs/turnstile/concepts/ephemeral-id.mdx b/src/content/docs/turnstile/concepts/ephemeral-id.mdx index 272a8605427f44d..dd9fe81e806beae 100644 --- a/src/content/docs/turnstile/concepts/ephemeral-id.mdx +++ b/src/content/docs/turnstile/concepts/ephemeral-id.mdx @@ -10,7 +10,7 @@ Ephemeral IDs generate a unique short-lived ID that can link behavior to a speci When the same visitor interacts with Turnstile widgets from different Cloudflare customers, they receive different Ephemeral IDs for each contact. In attacks where fraudsters attempt to disguise themselves using different IP addresses, Ephemeral IDs detect abuse patterns more accurately than determining whether the visitor is a human or a bot. -Ephemeral IDs not unique and have a lifespan of up to a few days. They can be useful for identifying a bad actor in acute attacks such as sudden spikes in fake account creations or credential stuffing. +Ephemeral IDs are not unique and have a lifespan of up to a few days. They can be useful for identifying a bad actor in acute attacks such as sudden spikes in fake account creations or credential stuffing. Refer to the [blog post](https://blog.cloudflare.com/turnstile-ephemeral-ids-for-fraud-detection/) for more information. diff --git a/src/content/docs/turnstile/concepts/hostname-management.mdx b/src/content/docs/turnstile/concepts/hostname-management.mdx index c7318589998bb3b..816549bd77cead2 100644 --- a/src/content/docs/turnstile/concepts/hostname-management.mdx +++ b/src/content/docs/turnstile/concepts/hostname-management.mdx @@ -61,6 +61,6 @@ If the widget is embedded on a hostname not listed, it will display an error mes ## Optional hostname validation (Enterprise only) -Customers with Enterprise Bot Management or Enterprise Turnstile can have the optional any hostname validation entitlement. +Customers with Enterprise Bot Management or Enterprise Turnstile can have the optional `any hostname` validation entitlement. By default, a widget requires at least one hostname to be entered. With this entitlement, you can create and use a widget without entering any hostnames for the widget. Contact your account team to enable this entitlement. \ No newline at end of file diff --git a/src/content/docs/turnstile/get-started/client-side-rendering.mdx b/src/content/docs/turnstile/get-started/client-side-rendering.mdx index 9bc9748f0e5966d..624d1a2bdd1b39f 100644 --- a/src/content/docs/turnstile/get-started/client-side-rendering.mdx +++ b/src/content/docs/turnstile/get-started/client-side-rendering.mdx @@ -86,7 +86,9 @@ https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit When using `render=explicit`, HTML elements with the `cf-turnstile` class will not show a challenge. The `turnstile.render` function must be invoked using the following steps. To combine both options, pass a query string of `?render=explicit&onload=onloadTurnstileCallback`: -`https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit&onload=onloadTurnstileCallback` +```txt +https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit&onload=onloadTurnstileCallback +``` ## Explicitly render the Turnstile widget From aa0e05559d0d2820fc4c3238b15f0c58a04b22b1 Mon Sep 17 00:00:00 2001 From: Patricia Loraine Santa Ana Date: Mon, 3 Feb 2025 11:36:10 -0800 Subject: [PATCH 2/2] another typo --- .../docs/turnstile/reference/content-security-policy.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/turnstile/reference/content-security-policy.mdx b/src/content/docs/turnstile/reference/content-security-policy.mdx index 821164f7f32e4f9..7e410f8931a5721 100644 --- a/src/content/docs/turnstile/reference/content-security-policy.mdx +++ b/src/content/docs/turnstile/reference/content-security-policy.mdx @@ -22,7 +22,7 @@ We recommend validating your CSP with [Google's CSP Evaluator](https://csp-evalu You cannot set your own CSP and/or Referer-Policy via meta tags or [Transform rules](/rules/transform/) in challenge pages. ::: -## Pre-Clearance support +## Pre-clearance support If you are using [Turnstile in pre-clearance mode](/turnstile/concepts/pre-clearance-support/), Turnstile sets the `cf_clearance` cookie by doing a fetch request to a special endpoint in [`/cdn-cgi/`](/fundamentals/reference/cdn-cgi-endpoint/) of your domain.