Timeline for ReCAPTCHA is generating Content Security Policy warnings
Current License: CC BY-SA 4.0
7 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Oct 26, 2019 at 6:46 | comment | added | iRaS |
First of all: you should always markup your code Content-Security-Policy:.... Anyway it is not soliving the problem as google itself sends the header content-security-policy: script-src 'nonce-T8Wbu0LZUf+nFg9x2onJ6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 that causes this issue.
|
|
| Feb 17, 2019 at 8:25 | comment | added | Aran Bins | I'm also still getting TONS more content security policy errors now after adding <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';"> | |
| Feb 17, 2019 at 8:24 | comment | added | Aran Bins | What if I'm using nginx and not apache for my web server? Where do I put " Header set Content-Security-Policy "default-src 'self';" " ? | |
| Feb 17, 2019 at 8:02 | comment | added | Aran Bins | I tried <meta http-equiv="Content-Security-Policy" content="script-src 'self';"> but now I'm getting Content Security Policy errors, even worse. | |
| Feb 17, 2019 at 8:01 | comment | added | anittas joseph | In your page head tag as meta key <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';"> developer.mozilla.org/en-US/docs/Web/HTTP/CSP Header set Content-Security-Policy "default-src 'self';" - also in your .htaccess file content-security-policy.com | |
| Feb 17, 2019 at 7:57 | comment | added | Aran Bins | I have no idea where to put this in my code: "Content-Security-Policy: script-src 'self'" Also, I'm not getting mixed content errors. I don't know what you mean. And your first link is not working. | |
| Feb 17, 2019 at 7:29 | history | answered | anittas joseph | CC BY-SA 4.0 |