Turnstile Console Error Tornado!

  • Resolved meatsgood

    (@meatsgood)


    1 week, 4 days ago

    I have used CF7 successfully for years on many sites. I changed from Google ReCaptcha to Cloudflare Turnstile when Google started getting pushy. Recently, I have discovered that all of my client sites that use CF7 and Turnstile produce an ERROR cascade in the console. It happens with the native integration panel as well as with the Simple Turnstile Plugin. It happens on every site that uses CF7 and Turnstile together. I happens on two different hosting platforms and all browsers. It does NOT happen when I use Turnstile with WPForms. It does NOT happen when I use a Bricks form with Turnstile. My CF7 forms seem to be working, but I literally get hundreds of errors (and warnings) that makes my console useless. Has anyone else seen this? It appears to be easily reproducible. I should mention, that if I replace Turnstile integration with Google ReCaptcha integration, all errors go away. I really want to use Turnstile. It appears that maybe this is simply a matter of error handling in the CF7 plugin. Is that possible?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Web1776

    (@commareus)

    1 week, 1 day ago

    I’m seeing the same on multiple sites.

    JQMIGRATE: Migrate is installed, version 3.4.1
    normal?lang=auto:1 
    normal?lang=auto:1 [Violation] Permissions policy violation: xr-spatial-tracking is not allowed in this document.
    Jo @ normal?lang=auto:1Understand this error
    normal?lang=auto:1 [Violation] Permissions policy violation: xr-spatial-tracking is not allowed in this document.
    Jo @ normal?lang=auto:1Understand this error
    normal?lang=auto:1 Request for the Private Access Token challenge.
    normal?lang=auto:1 Failed to parse audio contentType: audio/mp4; codecs=ac-3
    Jo @ normal?lang=auto:1Understand this warning
    normal?lang=auto:1 Failed to parse audio contentType: audio/mp4; codecs=ec-3
    Jo @ normal?lang=auto:1Understand this warning
    normal?lang=auto:1 Invalid (ambiguous) video codec string: video/webm; codecs=vp9
    Jo @ normal?lang=auto:1Understand this warning
    normal?lang=auto:1 Failed to parse video contentType: video/ogg; codecs=theora
    Jo @ normal?lang=auto:1Understand this warning
    normal?lang=auto:1 Form submission canceled because the form is not connected
    Jo @ normal?lang=auto:1Understand this warning
    normal?lang=auto:1 This document requires 'TrustedHTML' assignment. The action has been blocked.
    Jm @ normal?lang=auto:1Understand this error
    normal?lang=auto:1 This document requires 'TrustedHTML' assignment. The action has been blocked.
    Jm @ normal?lang=auto:1Understand this error
    normal?lang=auto:1 This document requires 'TrustedScript' assignment. The action has been blocked.
    Jo @ normal?lang=auto:1Understand this error
    normal?lang=auto:1 This document requires 'TrustedScript' assignment. The action has been blocked.
    Jo @ normal?lang=auto:1Understand this error
    normal?lang=auto:1 This document requires 'TrustedScriptURL' assignment. The action has been blocked.
    Jm @ normal?lang=auto:1Understand this error
    normal?lang=auto:1 This document requires 'TrustedScriptURL' assignment. The action has been blocked.
    Jm @ normal?lang=auto:1Understand this error
    about:srcdoc:1 Executing inline script violates the following Content Security Policy directive 'script-src 'nonce-AvnBZ6e8SNQ00MbBM3oiSH' 'unsafe-eval''. Either the 'unsafe-inline' keyword, a hash ('sha256-eJGI0Ik4oYe/PKLDOt4wcN76wYs8h+Ew05pMzdY6xG8='), or a nonce ('nonce-...') is required to enable inline execution. The action has been blocked.Understand this error
    about:srcdoc:1 Executing inline script violates the following Content Security Policy directive 'script-src 'nonce-AvnBZ6e8SNQ00MbBM3oiSH' 'unsafe-eval''. Either the 'unsafe-inline' keyword, a hash ('sha256-eJGI0Ik4oYe/PKLDOt4wcN76wYs8h+Ew05pMzdY6xG8='), or a nonce ('nonce-...') is required to enable inline execution. The action has been blocked.Understand this error
    normal?lang=auto:1 This document requires 'TrustedScript' assignment. The action has been blocked.
    Jo @ normal?lang=auto:1Understand this error
    normal?lang=auto:1 This document requires 'TrustedScript' assignment. The action has been blocked.
    Jo @ normal?lang=auto:1Understand this error
    normal?lang=auto:1 The resource https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate     as value and it is preloaded intentionally.Understand this warning
    normal?lang=auto:1 The resource https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate as value and it is preloaded intentionally.
    Thread Starter meatsgood

    (@meatsgood)

    1 week, 1 day ago

    Yes, my impression at this point is that this is normal operation for Turnstile. See my post on the WordPress subReddit. My last comment links to the Cloudflare login page, which uses Turnstile. Wouldn’t you know it, error tornado happens there as well. Some people have suggested that this is a byproduct of their validation process, which essentially is trying to throw errors to prove you are a real user on a real browser. Weirdly, they (Cloudflare) don’t seem to answer the multitude of posts on this topic in their own forum. Here’s the link: https://www.reddit.com/r/Wordpress/comments/1tfyhtf/comment/ommm4xn/?context=1 . It is curious to me that I don’t see the error tornado on sites that use WPForms, even when I use Turnstile on them. Perhaps there is a way to muffle that output, but only WPForms employs it?

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Tags