Need help with honeypot-captcha?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

curtis
132 Stars 30 Forks MIT License 107 Commits 11 Opened issues

Description

A simple way to add honeypot captchas in your Rails forms.

Services available

!
?

Need anything else?

Contributors list

# 576,228
25 commits
# 105,784
Rails
rails6
mobx-st...
arcgis
7 commits
# 139,351
Node.js
Elixir
streami...
streami...
2 commits
# 406,388
HTML
JavaScr...
Rails
1 commit
# 76,905
Rails
spotify
mpd
sidekiq
1 commit
# 506,378
Ruby
1 commit

Honeypot Captcha

The simplest way to add honeypot captchas in your Rails forms.

Honeypot captchas work off the premise that you can present different form fields to a spam bot than you do to a real user. Spam bots will typically try to fill all fields in a form and will not take into account CSS styles.

We add bogus fields to a form and then check to see if those fields are submitted with values. If they are, we assume that we encountered a spam bot.

Requirements

  • Rails >= 2.3.8

Installation

In your Gemfile, simply add

gem 'honeypot-captcha'

Usage

I've tried to make it pretty simple to add a honeypot captcha, but I'm open to any suggestions you may have. By default,

create
and
update
actions are protected. For other actions, see below.

form_for

Simply specify that the form has a honeypot in the HTML options hash:

 { :honeypot => true } do |form| -%>
  ...

form_tag with block

Simply specify that the form has a honeypot in the options hash:

 true do -%>
  ...

form_tag without block

Simply specify that the form has a honeypot in the options hash:

 true -%>
  ...

simpleformfor

Simply specify that the form has a honeypot in the HTML options hash:

 { :honeypot => true } do |form| -%>
  ...

Protection for actions other than
create
and
update

If you are submitting a form to a non-RESTful action and require honeypot protection, simply add the before filter for that action in your controller. For example:

class NewsletterController < ApplicationController
  prepend_before_action :protect_from_spam, :only => [:subscribe]
  ...
end

Customizing the honeypot fields

Override the

honeypot_fields
method within
ApplicationController
to add your own custom field names and values. For example:
def honeypot_fields
  {
    :my_custom_comment_body => 'Do not fill in this field, sucka!',
    :another_thingy => 'Really... do not fill out!'
  }
end

NOTE:

honeypot_fields
hash keys are used at the beginning of the generated HTML id attributes. The HTML 4.01 spec states that ids must start with a letter ([A-Za-z]), so be aware of this when creating the hash keys. HTML5 is much less strict.

Override the

honeypot_string
method within
ApplicationController
to disguise the string that will be included in the honeypot name. For example:
def honeypot_string
  'im-not-a-honeypot-at-all'
end

Override the

honeypot_style_class
method within
ApplicationController
to provide a non-inline CSS class that will be applied to hide honeypot fields (if nil, the style will be applied inline). For example:
def honeypot_style_class
  'display-none'
end

... assigns an HTML class for styling purposes:

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.