diff --git a/docs/guide/index.md b/docs/guide/index.md index 00745ed..8071d4e 100644 --- a/docs/guide/index.md +++ b/docs/guide/index.md @@ -40,7 +40,7 @@ Start by adding importing the Cap widget library from a CDN: ::: ::: warning -We're using the latest version of the library here for simplicity, but you should optimally pin a specific version to avoid breaking changes in the future. +You should optimally pin a specific version to avoid breaking changes instead of using @latest ::: Next, add the `` component to your HTML. @@ -49,9 +49,7 @@ Next, add the `` component to your HTML. ``` -::: info -You'll need to start a server with the Cap API running at the same URL as specified in the `data-cap-api-endpoint` attribute. In the server-side example we provided, it's set to `/api`, but you can change this by replacing every `app.post('/api/...', ...)` to `app.post('//...', ...)`. -::: +You'll need to start a server with the Cap API running at the same URL as specified in the `data-cap-api-endpoint` attribute. In the server-side example we provided, it's set to `/api`, but you can change this by replacing every `app.post('/api/...', ...)` to `app.post('//...', ...)`. We'll tell you how to set up the server in the next section. Then, in your JavaScript, listen for the `solve` event to capture the token when generated: @@ -245,6 +243,10 @@ app.listen(3000, () => { ::: +::: warning +These example codes don't have ratelimiting for simplicity. Make sure to add proper ratelimiting to your endpoints to prevent abuse. +::: + ### Token validation Once the token is generated and captured, you can use it later to validate the user's identity. You can do this by calling `await cap.validateToken` in your server-side code: diff --git a/docs/guide/server.md b/docs/guide/server.md index 6a736b0..e870969 100644 --- a/docs/guide/server.md +++ b/docs/guide/server.md @@ -168,6 +168,10 @@ app.listen(3000, () => { ::: +::: warning +These example codes don't have ratelimiting for simplicity. Make sure to add proper ratelimiting to your endpoints to prevent abuse. +::: + Then, you can verify the CAPTCHA tokens on your server by calling the `await cap.validateToken("")` method. Example: ```js