Skip to main content

Cloudflare Turnstile

PDF, RTF, and HTML declaration routes now require a valid Cloudflare Turnstile token. Configure the secret in your deployment environment so the verification handshake succeeds.

# .env
TURNSTILE_SECRET_KEY=your_cloudflare_turnstile_secret
NEXT_PUBLIC_TURNSTILE_SITE_KEY=your_cloudflare_turnstile_site_key

Optional environment variable names supported (fallback order):

  • TURNSTILE_SECRET
  • CLOUDFLARE_TURNSTILE_SECRET

Ensure the client obtains a Turnstile token (for example with @marsidev/react-turnstile) and includes it via the cf-turnstile-response header or query parameter when calling the protected routes.