Download the PHP package oliweb/laravel-cap without Composer

On this page you can find all versions of the php package oliweb/laravel-cap. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of oliweb/laravel-cap

Informations about the package laravel-cap

laravel-cap

A Laravel wrapper for Cap — the self-hosted, privacy-friendly CAPTCHA alternative based on Proof-of-Work.

Cap works without tracking, cookies, or third-party services. This package integrates server-side token verification into Laravel through a service, a facade, a middleware, a validation rule, and Blade directives.

Requirements

Installation

The service provider and facade are registered automatically via Laravel's package auto-discovery.

Publish the configuration file:

Publish the JS and CSS assets (required for @capScripts and @capStyles):

Publish the translation files (optional — to override messages):

Configuration

Add the following variables to your .env file:

Variable Description Default
CAP_ENDPOINT Full URL of your Cap instance including the site key (trailing slash required)
CAP_SECRET Secret key from your Cap dashboard
CAP_TOKEN_FIELD Name of the hidden field injected by the Cap widget cap-token
CAP_TIMEOUT HTTP timeout in seconds for the /siteverify request 5
CAP_FAIL_OPEN When true, let requests through on network/server errors (see below) false

Fail-open mode

By default, any communication error with the Cap instance (network failure, timeout, HTTP 5xx) blocks the request, just like an invalid token would.

Setting CAP_FAIL_OPEN=true inverts this: communication errors silently pass, so a Cap outage does not take your forms down with it.

An explicitly invalid token (success: false) is always rejected regardless of this setting. Fail-open only covers infrastructure failures, not verification failures.

Translations

Server-side messages (validation rule, middleware) are translatable. English and French are included out of the box.

To override or add a language, publish the translation files and edit lang/vendor/cap/{locale}/messages.php:

Laravel selects the right file automatically based on App::getLocale().

Widget styling

Publish the CSS asset and include it via @capStyles:

Edit public/vendor/cap/cap-widget.css to override the CSS custom properties exposed by the widget:

Usage

Blade directives

Include the Cap widget and its script in any Blade form:

Directive Output
@cap <cap-widget> with the configured endpoint
@capScripts <script> loading the widget from public/vendor/cap/cap-widget.js
@capStyles <link> loading the theme from public/vendor/cap/cap-widget.css

The widget automatically injects a hidden cap-token field into its parent form upon successful verification.

CSP nonce support

Both directives accept an optional nonce for strict Content Security Policies:

@cap passes the nonce as data-cap-csp-nonce on the widget element, which Cap uses internally for its workers and inline scripts. @capScripts passes the nonce as the standard nonce attribute on the <script> tag.

CSP headers

Cap's widget relies on Web Workers and WebAssembly for the Proof-of-Work computation. A strict CSP must account for this beyond the script nonce:

worker-src blob: is required because the widget spawns workers via Blob URLs. wasm-unsafe-eval is required for the WebAssembly hash computation.

Middleware

Protect any route by applying the cap.verify middleware:

Returns HTTP 422 with the message Cap verification failed. if the token is missing or invalid.

Validation rule

Use CapRule inside a Form Request or an inline validator:

Facade

Service (dependency injection)

verifyOrFail() throws a CapVerificationException if the token is invalid.

Testing

License

MIT

All versions of laravel-cap with dependencies

PHP Build Version
Package Version
Requires php Version ^8.2
illuminate/support Version ^11.0|^12.0|^13.0
illuminate/http Version ^11.0|^12.0|^13.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package oliweb/laravel-cap contains the following files

Loading the files please wait ...