I had implemented google recaptcha at my website and the website using Content-Security-Policy (CSP). According to google documentation, we should add following values to the directives which I already done for it.
script-src /, /
frame-src /, /
default-src 'self';
script-src 'self' *.googleapis *.gstatic *.google;
style-src 'self' 'unsafe-inline' *.googleapis *.gstatic www.google;
img-src 'self' *.gstatic *.google-analytics *.google *.google.sg;
font-src 'self' fonts.gstatic;
frame-src 'self' www.google www.gstatic;
connect-src accounts.google *.google-analytics ;
As a result, google recaptcha was able to render and working. But browser devtools console indicated there was an error of violate CSP directives of connect-src.
google recaptcha
Anyone having this issue before? Is it my code issue or misconfiguration anything? Shall I just add the value to connect-src directive? If yes, is there any document stated that value should be add to connect-src?
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1744212555a4563404.html
评论列表(0条)