admin管理员组文章数量:1399145
I had implemented google recaptcha at my website and the website using Content-Security-Policy (CSP). According to google documentation, we should add following values to the directives which I already done for it.
script-src /, /
frame-src /, /
default-src 'self';
script-src 'self' *.googleapis *.gstatic *.google;
style-src 'self' 'unsafe-inline' *.googleapis *.gstatic www.google;
img-src 'self' *.gstatic *.google-analytics *.google *.google.sg;
font-src 'self' fonts.gstatic;
frame-src 'self' www.google www.gstatic;
connect-src accounts.google *.google-analytics ;
As a result, google recaptcha was able to render and working. But browser devtools console indicated there was an error of violate CSP directives of connect-src.
google recaptcha
Anyone having this issue before? Is it my code issue or misconfiguration anything? Shall I just add the value to connect-src directive? If yes, is there any document stated that value should be add to connect-src?
本文标签:
版权声明:本文标题:content security policy - Is there any google documentation stated about that value should add to CSP directive 'correct 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744212555a2595489.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论