问题描述

内容安全政策标头指令.com/recaptcha/docs/faq#im-using-content-security-policy-csp-on-my-site-how-can-i-configure-it-to-with-recaptcha"rel =" nofollow noreferrer > Google验证码

Content Security Policy header directive for Google Re-captcha

我为google re-captcha添加了以下指令，但是我仍然无法获取recaptcha__en.js的错误

I have added following directive for google re-captcha but still I am getting error for recaptcha__en.js

"script-src 'self' https://www.google.com/recaptcha/
https://www.gstatic.com/recaptcha/
"style-src 'self' https://www.google.com/recaptcha/
https://www.gstatic.com/recaptcha/

尝试随机数

"script-src 'self' 'nonce-GoogleRecaptcha' "
"style-src 'self' 'nonce-GoogleRecaptcha' "

<script src='https://www.google.com/recaptcha/api.js' nonce="GoogleRecaptcha" async defer></script>

还尝试添加所有需要的哈希

And also tried to add all the needed hashes

如您在上面的哈希中所见，它显示了与我已经添加的哈希相同的哈希.仍然我收到此错误.

As you can see in above hash it shows same hash to add as I have already added.still i am getting this error.

我正在使用布局页面上的meta标签添加所有这些标头值.

And I am adding all these header values using meta tag on a layout page.

推荐答案

我明白了它

您只是想念在此描述的frame-src'self':我正在我的网站上使用内容安全策略(CSP).如何配置它以与reCAPTCHA一起使用?

You´re just missing frame-src 'self' as descfribed here:I'm using Content-Security-Policy (CSP) on my website. How can I configure it to work with reCAPTCHA?

    "style-src 'self' https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
script-src 'self' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
frame-src 'self' https://www.google.com/recaptcha/;
font-src 'self' https://fonts.gstatic.com;
default-src 'self';
object-src 'none';
frame-ancestors 'none';
sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";

如果您需要我的项目实施细节，我会很乐意为您提供.

If you need my implementation details on my project I´ll gladly give them to you.

这篇关于Google Re-captcha的内容安全政策标头指令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！