Comments (13)
Sorry yes the passive mode was just implemented on validators today haha. Passive mode on forms is still to come, but kinda useless until the quarantine also works (next up) and the logging (after that). All require events (added today 😉 ).
I actually only tagged 0.1 today so our internal projects I'm using for testing can use stable packages. However that DOES mean that I'm actively doing release management, and releases should be stable and reliable. Just not feature complete yet.
from antispam-bundle.
Sorry, didn't realize this bundle was still in heavy development.
I see you just added the passive mode earlier today and is unreleased but even using dev, making it true in my configuration profile still creates validation errors.
from antispam-bundle.
So yes it's a feature, not a bug haha.
from antispam-bundle.
Looks like configuring passive in the profile's config works but not the global config yet?
from antispam-bundle.
Correct, already fixed locally.
from antispam-bundle.
It may be downright confusing right now though. The profiles have their own stealth
and passive
settings, which override the global config. In practice the global settings are only used by validators and form types outside of profile context. It may cause confusion that the global settings aren't doing anything if the profiles have defaults that override them (and at least for stealth
for good reason).
Thinking on how to make that clearer and/or make more intuitive.
from antispam-bundle.
Ok, so the solution for the recipe is to enable passive on the default profile, correct?
In practice the global settings are only used by validators and form types outside of profile context.
Ahh, ok, yeah, I didn't realize this was the intention.
from antispam-bundle.
Ok, so the solution for the recipe is to enable passive on the default profile, correct?
Yes that would be the quick fix.
from antispam-bundle.
I think for Stealth
the current situation is fine (global default false, profile default true).
However for Passive
I think it makes more sense that the profiles default to null
, meaning fall back to global. In that case the current recipe would still work, and that's intuitive methinks.
from antispam-bundle.
Let's first figure out the purpose of the global options:
- passive: my intuition told me this was a global override (for profiles/validators/types). The use case would be to enable globally in production to perhaps debug issues or to disable in tests.
- stealth: this one I have a hard time understanding the purpose. I can't think of why you'd want to configure this one globally - can you describe the use case? I wonder if this global option is required?
One idea would be to remove these two global options and replace with enabled
(defaults to true
). When false
, all antispam configuration is ignored. This would be the easiest to reason about but... you'd lose logging/quarantining.
from antispam-bundle.
On the passive
option we agree then, and my proposal above to make it overridable on the profile level is correct.
For the stealth
option it is important to keep in mind that this bundle provides a ton of form types and validators (and will have more in the future), and the option to organize them into profiles for easy mass application. The profiles are expected to fit the 95+% use case, but in some cases you may want to customize or have dynamic settings. You can, and some people will, use the validators in any entity, in APIs (no forms, so no profiles!) or on plain old objects. You can, and some people will, use the form types manually, for example when the honeypot or submit timer settings are actually made configurable, or forms are dynamically created.
The global stealth
option applies to all bundle components when used in the ~1% use case, outside a profile. It's merely a shorthand for setting it manually on every single validator and form type.
from antispam-bundle.
Thanks for the explanation, I understand. So what about the following for global config:
- passive, keep as now
- stealth, match passive behaviour - I feel it's confusing if the logic is different so global=true, profile=null
- enabled, add as a global option - this would be what we disable
when@test
in the recipe
from antispam-bundle.
It should make more sense now: https://omines.github.io/antispam-bundle/features/
from antispam-bundle.
Related Issues (13)
- Dependency Dashboard
- Feature: Rate Limiting HOT 4
- Feature: logging HOT 7
- Feature: fake success HOT 4
- Feature: more robust honeypot widget HOT 2
- Doc: enable antispam for specific functional tests HOT 3
- Minor: `AntiSpam::$lastResult` should be reset after the request is handled
- Feature: enable throwing a `SpamDetectedException` when spam is detected HOT 5
- Feature: commands to browse and analyze quarantine HOT 1
- Float instead of a int for the min timer value ? HOT 3
- Error in french translation HOT 3
- deprecation notice HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from antispam-bundle.