Skip to content

Add spam prevention to grant application forms #555

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dergigi merged 6 commits into from
Jan 13, 2026
Merged

Add spam prevention to grant application forms #555

dergigi merged 6 commits into from
Jan 13, 2026

Conversation

@dergigi
Copy link
Member

@dergigi dergigi commented Jan 13, 2026

Add basic spam prevention to grant application forms (/apply/grant and /apply/lts). Submissions are silently rejected if a hidden honeypot field is filled (bots tend to fill all fields) or if the form is submitted in under 10 seconds (bots submit instantly).

  • Add isSpamSubmission() helper in utils/spam-helpers.ts
  • Add server-side spam check in /api/sendgrid.ts with silent 200 OK rejection
  • Add honeypot field and formLoadedAt timestamp to both application forms

@dergigi
feat: add spam detection utility
86d061d 
Add isSpamSubmission helper function that checks for:
- Honeypot field being filled (bots fill hidden fields)
- Form submissions under 10 seconds (bots submit instantly)
@dergigi
feat: add spam check to sendgrid API endpoint
9c31c8e 
Silently reject submissions that fail spam detection checks.
Returns 200 OK to prevent bots from knowing they were blocked.
@dergigi
feat: add spam prevention fields to GrantApplicationForm
daef890 
Add honeypot field and form load timestamp for spam detection.
@dergigi
feat: add spam prevention fields to LTSApplicationForm
2948196 
Add honeypot field and form load timestamp for spam detection.
@vercel
Copy link

vercel bot commented Jan 13, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
os-website Ready Ready Preview, Comment Jan 13, 2026 2:33pm

@dergigi dergigi self-assigned this Jan 13, 2026
@dergigi
Copy link
Member Author

dergigi commented Jan 13, 2026

Same as #552 but simpler.

I'll go ahead and merge this & see if it solves the current issue. If it does not we'll have to think of something more sophisticated.

Thank you for taking initiative on this @BoltTouring! 🙏🧡

@dergigi
feat: add spam check to github API endpoint
ebbf651 
Silently reject submissions that fail spam detection checks.
Returns 200 OK to prevent bots from knowing they were blocked.
@dergigi
chore: remove console.log from application forms
efb4f0a
@dergigi dergigi merged commit 6b92d5f into master Jan 13, 2026
3 checks passed
@dergigi dergigi deleted the naive-spam-prevention branch January 13, 2026 14:34
@dergigi dergigi mentioned this pull request Jan 13, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@dergigi dergigi

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dergigi