altcha 0.4.3 → 0.5.1

package/README.md

@@ -8,7 +8,18 @@ https://altcha.org
 
 - __Friction-less__ - Using PoW instead of visual puzzles.
 - __Cookie-less__ - GDPR compliant by design.
-- __Self-hosted__ - Without reliance on external providers.
+- __Self-hosted__ - Without reliance on external providers in self-hosted mode.
+- __SaaS available__ - Visit [altcha.org](https://altcha.org/docs/api) to get started with the SaaS API.
+
+## Integrations
+
+- [WordPress plugin](https://github.com/altcha-org/wordpress-plugin)
+- [Other libraries and plugins](https://altcha.org/docs/integrations/)
+
+## More anti-spam solutions
+
+- [Spam Filter](https://altcha.org/anti-spam) - stop sophisticated attacks and human-generated spam by classifying data.
+- [ALTCHA lib](https://github.com/altcha-org/altcha-lib) - invisible Captcha, custom components and server-side M2M ALTCHA.
 
 ## Usage
 
@@ -50,6 +61,10 @@ See the [configuration](#configuration) below or visit the [website integration
 
 See [server documentation](https://altcha.org/docs/server-integration) for more details.
 
+## Content Security Policy (CSP)
+
+The default distribution bundle of the WebComponent includes styles and the worker in a single file. This might cause issues with strict CSP rules. If you require strict CSP compliance, consider using the scripts located in the `/dist_external` directory. For more details, please refer to the [documentation](https://altcha.org/docs/website-integration).
+
 ## Configuration
 
 Required options (at least one is required):
@@ -70,7 +85,8 @@ Additional options:
 - __strings__ - JSON-encoded translation strings. Refer to [customization](/docs/widget-customization).
 - __refetchonexpire__ - Automatically re-fetch and re-validate when the challenge expires (defaults to true).
 - __verifyurl__ - Enable server-side verification by configuring the URL to use for verification requests. This option can be used in conjunction with `spamfilter` to enable server-side verification.
-- __workers__ - The number of workers to utilize for PoW (defaults to `navigator.hardwareConcurrency || 8`).
+- __workers__ - The number of workers to utilize for PoW (defaults to `navigator.hardwareConcurrency || 8`, max. value `16`).
+- __workerurl__ - The URL of the Worker script (defaults to `./worker.js`, only works with `external` build).
 
 Development / testing options:
 
@@ -160,7 +176,7 @@ document.querySelector('#altcha').addEventListener('statechange', (ev) => {
 
 ## Spam Filter
 
-The widget integrates with ALTCHA's [Spam Filter API](https://altcha.org/docs/api/spam-filter-api) to allow checking submitted form data for potential spam.
+The widget integrates with ALTCHA's [Anti-Spam solution](https://altcha.org/anti-spam) to allow checking submitted form data for potential spam.
 
 The Spam Filter API analyzes various signals in the submitted data to determine if it exhibits characteristics of spam. This non-invasive filtering helps reduce spam submissions without frustrating legitimate users.
 
@@ -188,6 +204,8 @@ SpamFilter configuration options:
 - __ipAddress__ - The user's IP is detected automatically but can be overridden or disabled with `false`.
 - __timeZone__ - The user's timezone is detected automatically but can be overridden or disabled with `false`.
 
+To include the email field into `fields` (for easier server-side verification), configure the list of input names using the `spamfilter.fields: string[]` option.
+
 ### Exclude Inputs from Spam Checking
 
 By default, all text inputs and textareas within the parent form are spam-checked. To exclude a specific input, add the `data-no-spamfilter` attribute. Alternatively, explicitly list the checked fields using the `fields` config option.