### Install Bundle via Composer Source: https://github.com/pixel-open/cloudflare-turnstile-bundle/blob/develop/README.md Run this command in your terminal to add the bundle to your project dependencies. ```bash composer require pixelopen/cloudflare-turnstile-bundle ``` -------------------------------- ### Set Environment Variables Source: https://github.com/pixel-open/cloudflare-turnstile-bundle/blob/develop/README.md Add your Cloudflare site and secret keys to your .env file. ```text TURNSTILE_KEY="1x00000000000000000000AA" TURNSTILE_SECRET="2x0000000000000000000000000000000AA" ``` -------------------------------- ### Register Bundle in Symfony Source: https://github.com/pixel-open/cloudflare-turnstile-bundle/blob/develop/README.md Add the bundle class to your config/bundles.php file to enable it. ```php PixelOpen\CloudflareTurnstileBundle\PixelOpenCloudflareTurnstileBundle::class => ['all' => true] ``` -------------------------------- ### Configure Testing Keys Source: https://context7.com/pixel-open/cloudflare-turnstile-bundle/llms.txt Define test keys in your configuration to simulate different Turnstile verification outcomes during development. ```yaml # config/packages/dev/pixel_open_cloudflare_turnstile.yaml pixel_open_cloudflare_turnstile: # Always passes - use for development key: '1x00000000000000000000AA' secret: '1x0000000000000000000000000000000AA' enable: true # Alternative test configurations: # Always blocks: # key: '2x00000000000000000000AB' # secret: '2x0000000000000000000000000000000AA' # # Forces interactive challenge: # key: '3x00000000000000000000FF' # secret: '1x0000000000000000000000000000000AA' # # Token already spent error: ``` -------------------------------- ### Configure Turnstile Settings Source: https://github.com/pixel-open/cloudflare-turnstile-bundle/blob/develop/README.md Define the bundle configuration in a YAML file within your Symfony packages directory. ```yaml pixel_open_cloudflare_turnstile: key: '%env(TURNSTILE_KEY)%' secret: '%env(TURNSTILE_SECRET)%' enable : true ``` -------------------------------- ### Configure Cloudflare Turnstile Bundle Source: https://context7.com/pixel-open/cloudflare-turnstile-bundle/llms.txt Configure the bundle in `config/packages/pixel_open_cloudflare_turnstile.yaml` using your Cloudflare Turnstile site key and secret key. The `enable` option can disable validation globally. ```yaml # config/packages/pixel_open_cloudflare_turnstile.yaml pixel_open_cloudflare_turnstile: key: '%env(TURNSTILE_KEY)%' secret: '%env(TURNSTILE_SECRET)%' enable: true ``` -------------------------------- ### Set Cloudflare Turnstile API Keys in .env Source: https://context7.com/pixel-open/cloudflare-turnstile-bundle/llms.txt Define the `TURNSTILE_KEY` and `TURNSTILE_SECRET` environment variables in your `.env` file. ```bash # .env TURNSTILE_KEY="1x00000000000000000000AA" TURNSTILE_SECRET="2x0000000000000000000000000000000AA" ``` -------------------------------- ### Manual Verification with CloudflareTurnstileHttpClient Source: https://context7.com/pixel-open/cloudflare-turnstile-bundle/llms.txt Use the CloudflareTurnstileHttpClient service for manual token verification outside of the standard Symfony validator flow. ```php turnstileClient->verifyResponse($turnstileResponse); if (!$isValid) { $this->logger->warning('Turnstile verification failed', [ 'ip' => $formData['ip'] ?? 'unknown', ]); return [ 'success' => false, 'error' => 'CAPTCHA verification failed. Please try again.', ]; } $this->logger->info('Turnstile verification successful'); // Continue with business logic return [ 'success' => true, 'message' => 'Verification passed, processing request.', ]; } } ``` -------------------------------- ### Register Cloudflare Turnstile Bundle in Symfony Source: https://context7.com/pixel-open/cloudflare-turnstile-bundle/llms.txt Register the bundle in your Symfony application's `config/bundles.php` file to enable its services. ```php // config/bundles.php return [ // ... other bundles PixelOpen\CloudflareTurnstileBundle\PixelOpenCloudflareTurnstileBundle::class => ['all' => true], ]; ``` -------------------------------- ### Test Contact Form Submission with Turnstile Source: https://context7.com/pixel-open/cloudflare-turnstile-bundle/llms.txt This test demonstrates submitting a contact form with Cloudflare Turnstile enabled. With test keys configured, the Turnstile widget automatically passes validation. ```php request('GET', '/contact'); // With test keys configured, the Turnstile widget will auto-pass $form = $crawler->selectButton('Send Message')->form([ 'contact[name]' => 'John Doe', 'contact[email]' => 'john@example.com', 'contact[message]' => 'This is a test message.', ]); $client->submit($form); $this->assertResponseRedirects('/contact/success'); } public function testDisabledTurnstileInTestEnvironment(): void { // When enable: false is set, validation is skipped entirely $client = static::createClient(['environment' => 'test']); $crawler = $client->request('GET', '/contact'); $form = $crawler->selectButton('Send Message')->form([ 'contact[name]' => 'Jane Doe', 'contact[email]' => 'jane@example.com', 'contact[message]' => 'Testing with Turnstile disabled.', ]); $client->submit($form); $this->assertResponseIsSuccessful(); } } ``` -------------------------------- ### Apply Turnstile Validation via Attributes Source: https://github.com/pixel-open/cloudflare-turnstile-bundle/blob/develop/README.md Use the CloudflareTurnstile attribute on DTO or entity properties to enforce validation. ```php