What would you like to see?
I would like to see built-in CAPTCHA support for public-facing Password Pusher forms, especially forms that can be accessed without authentication or used by outside users.
Ideally, Password Pusher could support multiple CAPTCHA providers through environment variables, such as:
- Cloudflare Turnstile
- Google reCAPTCHA
- hCaptcha
Example environment variables could include:
PWP__CAPTCHA__ENABLED=true
PWP__CAPTCHA__PROVIDER=cloudflare_turnstile
PWP__CAPTCHA__SITE_KEY=your-site-key
PWP__CAPTCHA__SECRET_KEY=your-secret-key
PWP__CAPTCHA__ENFORCE_ON_PUSH_CREATE=true
PWP__CAPTCHA__ENFORCE_ON_FILE_UPLOAD=true
PWP__CAPTCHA__ENFORCE_ON_REQUEST_FORM=true
PWP__CAPTCHA__ENFORCE_ON_SIGN_UP=true
### 🔈 Motivation
Password Pusher is commonly used for securely sharing sensitive information such as passwords, API keys, credentials, and files.
For self-hosted public instances, exposed forms could potentially become targets for automated bot submissions, spam, abuse, or SMTP-related abuse if email notifications are enabled.
Even if this is not currently a widespread issue, it could become a future problem for organizations that expose Password Pusher publicly.
Adding CAPTCHA or Turnstile support would help:
- Reduce automated spam submissions
- Protect public request forms
- Prevent abuse of SMTP/email notification systems
- Improve confidence when exposing Password Pusher to clients or vendors
- Give administrators more control over public-facing security
- Reduce the need for custom reverse-proxy or WAF-only workarounds
Cloudflare Turnstile would be especially helpful because it is privacy-friendly, user-friendly, and works well for organizations already using Cloudflare in front of their self-hosted applications.
### 🛰 Alternatives considered
Some alternatives exist, but they are not ideal:
1. Cloudflare WAF rules
Administrators can place Password Pusher behind Cloudflare and create custom WAF or managed challenge rules. However, this requires additional Cloudflare configuration and does not provide application-level validation.
2. IP restrictions
Limiting access by IP can work for internal-only deployments, but it does not work well when clients, vendors, remote employees, or outside users need access.
3. Disabling public forms
This reduces risk, but it also removes one of the useful workflows where outside users can submit sensitive information securely.
4. Custom application modifications
Self-hosted administrators could modify the application manually, but this creates maintenance issues and can break during upgrades.
Native CAPTCHA support controlled through environment variables would be cleaner, easier to maintain, and more accessible for self-hosted administrators.
### 📎 Additional context
This request is mainly focused on preventing future abuse of public-facing forms.
For example, an organization may host Password Pusher publicly so clients, vendors, or employees can securely submit credentials or files. If those forms are publicly accessible, bots could potentially submit spam content, trigger email notifications, or abuse the SMTP service connected to the instance.
Suggested provider support:
- Cloudflare Turnstile
- Google reCAPTCHA
- hCaptcha
Suggested form locations where CAPTCHA could be useful:
- Push creation forms
- File upload forms
- Request forms
- Sign-up forms, if public registration is enabled
- Any unauthenticated public submission form
It would also be helpful if CAPTCHA enforcement could be configured per form type through environment variables, so admins can decide where it is required.
### ✅ Checklist
- [x] I searched existing issues to make sure this hasn’t already been requested.
- [x] This request describes a single feature (not multiple unrelated items).
What would you like to see?
I would like to see built-in CAPTCHA support for public-facing Password Pusher forms, especially forms that can be accessed without authentication or used by outside users.
Ideally, Password Pusher could support multiple CAPTCHA providers through environment variables, such as:
Example environment variables could include: