VladPolskiy/gitlab-foss
1
0
Fork 0
mirror of https://gitlab.com/gitlab-org/gitlab-foss.git synced 2025-07-29 12:00:32 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity
Files
11f0927940e0d42ac733b7e952edc7c338a08e9b
gitlab-foss/doc/integration/recaptcha.md
GitLab Bot ca1dd21a37 Add latest changes from gitlab-org/gitlab@master
2025-04-02 15:13:26 +00:00

2.1 KiB
Raw Blame History

stage, group, info, title
stage group info title
Software Supply Chain Security Authorization To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments reCAPTCHA

{{< details >}}

  • Tier: Free, Premium, Ultimate
  • Offering: GitLab Self-Managed, GitLab Dedicated

{{< /details >}}

GitLab leverages reCAPTCHA to protect against spam and abuse. GitLab displays the CAPTCHA form on the sign-up page to confirm that a real user, not a bot, is attempting to create an account.

Configuration

To use reCAPTCHA, first create a site and private key.

  1. Go to the Google reCAPTCHA page.
  2. To get reCAPTCHA v2 keys, fill in the form and select Submit.
  3. Sign in to your GitLab server as an administrator.
  4. On the left sidebar, at the bottom, select Admin.
  5. Select Settings > Reporting.
  6. Expand Spam and Anti-bot Protection.
  7. In the reCAPTCHA fields, enter the keys you obtained in the previous steps.
  8. Select the Enable reCAPTCHA checkbox.
  9. To enable reCAPTCHA for logins via password, select the Enable reCAPTCHA for login checkbox.
  10. Select Save changes.
  11. To short-circuit the spam check and trigger the response to return recaptcha_html:
    1. Open app/services/spam/spam_verdict_service.rb.
    2. Change the first line of the #execute method to return CONDITIONAL_ALLOW.

{{< alert type="note" >}}

Make sure you are viewing an issuable in a project that is public. If you're working with an issue, the issue is public.

{{< /alert >}}

Enable reCAPTCHA for user logins using the HTTP header

You can enable reCAPTCHA for user logins via password in the user interface or by setting the X-GitLab-Show-Login-Captcha HTTP header. For example, in NGINX, this can be done via the proxy_set_header configuration variable:

proxy_set_header X-GitLab-Show-Login-Captcha 1;

For Linux package instances, configure in /etc/gitlab/gitlab.rb:

nginx['proxy_set_headers'] = { 'X-GitLab-Show-Login-Captcha' => '1' }