Important: bug fix in recaptcha verification

@jacobobryant jacobobryant released this 05 Dec 21:55
· 19 commits to master since this release

There've been a bunch of small updates since the last "official" release, but I'm announcing another release now because I just fixed an important bug. If you've published a real website with platypub, you should upgrade soon.

The recaptcha verification on the backend was completely broken because I forgot to add an await somewhere, so any bots that try to sign up for your newsletter will get through easily. (I noticed this because I started getting a bunch of fishy looking signups myself a few days ago.)
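To show why a single missing `await` turns the check into a no-op, here is an added illustration (not Platypub's own code) of a Netlify-style subscribe handler in its broken and fixed forms. The `fakeSiteVerify` stub and the request objects are constructed so it runs offline; the real handler would call the recaptcha siteverify endpoint over HTTPS.

```javascript
// Added illustration, not Platypub's code: a Netlify-style subscribe handler
// with and without the `await` on the recaptcha verification call.

// Constructed stand-in for the HTTPS call to the recaptcha siteverify API.
// Resolves to {success: true} only for the one token we treat as valid.
async function fakeSiteVerify(token) {
  return { success: token === "valid-token" };
}

function redirect(path, email) {
  return { statusCode: 303, headers: { location: `${path}&email=${encodeURIComponent(email || "")}` } };
}

// BUGGY: the Promise returned by verifyFn is never awaited. A Promise object
// is always truthy, so `!verified` is false for bots and humans alike and
// every request, even one with no token at all, is accepted.
function subscribeBroken(params, verifyFn = fakeSiteVerify) {
  const verified = verifyFn(params["g-recaptcha-response"]);
  if (!verified) {
    return redirect("/?error=recaptcha-failed", params.email);
  }
  return redirect("/?subscribed=true", params.email);
}

// FIXED: await the verification and check the decoded `success` flag
// explicitly, so a missing or invalid token is rejected.
async function subscribeFixed(params, verifyFn = fakeSiteVerify) {
  const result = await verifyFn(params["g-recaptcha-response"]);
  if (!result || result.success !== true) {
    return redirect("/?error=recaptcha-failed", params.email);
  }
  return redirect("/?subscribed=true", params.email);
}

// Mirrors the curl check from the release notes: a request that posts only
// `email=` (no recaptcha token, as a bot would) must fail once fixed.
async function demo() {
  const bot = { email: "someone@example.com" }; // constructed input, no token
  const human = { email: "someone@example.com", "g-recaptcha-response": "valid-token" };
  console.log("broken, no token:", subscribeBroken(bot).headers.location); // /?subscribed=true&email=someone%40example.com
  console.log("fixed, no token: ", (await subscribeFixed(bot)).headers.location); // /?error=recaptcha-failed&email=someone%40example.com
  console.log("fixed, valid:    ", (await subscribeFixed(human)).headers.location); // /?subscribed=true&email=someone%40example.com
}
demo();
```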

To upgrade:

  1. Do a git pull on Platypub so you have the latest commits.
  2. If you have any custom themes, change the :git/sha for platypub/the default theme dependency to "c24d2f82585bd9a285417e98e8ffa997815529aa"
  3. If you're running Platypub in production, deploy (./task deploy, or ./task soft-deploy would work too in this case)
  4. Go to the "Sites" page in Platypub and hit "Publish" on all your websites.

To verify the recaptcha test is working, you can run curl --verbose https://<yourwebsite>.com/.netlify/functions/subscribe -d email=<email address> and make sure the request fails. For example:

```
$ curl --verbose https://biffweb.com/.netlify/functions/subscribe -d email=hello@jacobobryant.com
...
< location: https://biffweb.com/?error=recaptcha-failed&email=hello%40jacobobryant.com
...
```

And then try to sign up from your web browser and make sure the signup works.

I have also added "Page" and "Referrer" fields to the Subscribers page in Platypub. It's normal for the referrer to be blank, but if the page is blank, that's pretty fishy. Basically it means that JavaScript was disabled, which means there's a high probability of it being a bot. Though since recaptcha wasn't working, it is possible that humans with JavaScript disabled would still be able to get through the signup form. Going forward, to get past the recaptcha test, you'd have to enable JavaScript.