What are guards?
Guards are a way to prevent form submission before field validation. They are intended for security checks, like CSRF, honeypot or captchas.
Conceptually, guards and actions are similar. Unlike guards, actions are ran after form validation & can be configured with form-specific settings through the panel. Guards can be enabled or disabled globally only in the config.
By default, CSRF & honeypot guards are enabled. It is most likely the responsibility of the sites' developer and not meant to be changed by the editor.
Some guards might have a "silent" option, which means that they will not show any error messages to the user, but instead show the default success screen, except if debug mode is enabled. Keep this in mind when reporting potential issues.
Available guards
Akismet
Fight spam with Akismet, an API platform used by millions of sites.
CSRF
Validate CSRF tokens of form submisisons
Honeypot
Trick bots into entering data in an invisible field
Turnstile Captcha
Integrate the free Captcha alternative by CloudFlare
Rate Limit
Limit submission requests from an IP address
Guards created by the Community
- None
Configuring guards
You can enable or disable used guards in your config.php by supplying an array to tobimori.dreamform.guards.available with the types. When activating new guards, make sure to check the documentation of each Guard to see if they require additional configuration.
// site/config/config.php
return [
'tobimori.dreamform' => [
'guards' => [
'available' => ['csrf', 'honeypot', 'turnstile', 'ratelimit', /* other guards here */ ],
],
],
];Options
| tobimori.dreamform.guards. | Default | Accepts | Description |
|---|---|---|---|
| tobimori.dreamform.guards. available |
Default
['csrf', 'honeypot'] |
Accepts
array |
Active guards to protect your form |