I have searched many question on SO related to this. But nothing solves my issue. I am using google recaptcha v2 in an asp.net mvc5 app. It works fine in google chrome. But it is showing some error in firefox and edge browsers. I suspect this as something related to content security policy headers.
Error in Firefox
Content Security Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified
Content Security Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified
Content Security Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified
Error in Edge
Security of a sandboxed iframe is potentially compromised by allowing script and same origin access.
Due to this error recaptcha is not working since it get timed out everytime
I've tried to add csp headers like this in web.config
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="script-src 'self' 'unsafe-inline' https://www.google.com https://www.google.com/recaptcha/api.js https://www.gstatic.com" />
</customHeaders>
</httpProtocol>
</system.webServer>
But this doesn't work as well as my page got broken since all other files got blocked by the browser