Skip Navigation

What are guards?

Guards are a way to prevent form submission before field validation. They are intended for security checks, like CSRF, honeypot or captchas.

Conceptually, guards and actions are similar. Unlike guards, actions are ran after form validation & can be configured with form-specific settings through the panel. Guards can be enabled or disabled globally only in the config.

By default, CSRF & honeypot guards are enabled. It is most likely the responsibility of the sites' developer and not meant to be changed by the editor.

Some guards might have a "silent" option, which means that they will not show any error messages to the user, but instead show the default success screen, except if debug mode is enabled. Keep this in mind when reporting potential issues.

Available guards

Guards created by the Community

  • None

Configuring guards

You can enable or disable used guards in your config.php by supplying an array to tobimori.dreamform.guards.available with the types. When activating new guards, make sure to check the documentation of each Guard to see if they require additional configuration.

// site/config/config.php

return [
  'tobimori.dreamform' => [
    'guards' => [
      'available' => ['csrf', 'honeypot', 'turnstile', 'ratelimit', /* other guards here */ ],


tobimori.dreamform.guards. Default Accepts Description
available ['csrf', 'honeypot'] array Active guards to protect your form