内容安全政策标头指令/recaptcha/docs/faq#im-using-content-security-policy-csp-on-my-site-how-can-i-configure-it-to-with-recaptcha"rel =" nofollow noreferrer > Google验证码
Content Security Policy header directive for Google Re-captcha
我为google re-captcha添加了以下指令,但是我仍然无法获取recaptcha__en.js的错误
I have added following directive for google re-captcha but still I am getting error for recaptcha__en.js
"script-src 'self' www.google/recaptcha/ www.gstatic/recaptcha/ "style-src 'self' www.google/recaptcha/ www.gstatic/recaptcha/尝试随机数
"script-src 'self' 'nonce-GoogleRecaptcha' " "style-src 'self' 'nonce-GoogleRecaptcha' " <script src='www.google/recaptcha/api.js' nonce="GoogleRecaptcha" async defer></script>还尝试添加所有需要的哈希
And also tried to add all the needed hashes
拒绝应用内联样式,因为它违反了以下规定 内容安全策略指令:"style-src'self' www.google/recaptcha/ www.gstatic/recaptcha/ 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw =' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0 =' 'sha256-LpfmXS + 4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE =' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB + qmKgThG52u/Mk =' 'sha256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o/i3e0v8 =' 'sha256-WCg1a4AhMGgFRCQG5w + hgG + Q2j8Ygrbd + 2dgjByIOIU =' 'sha256-ldCXMle1JJUAD9eAjLdSuPIgIBcTcBecWlaXs0A2y4M =' 'sha256- + zzuded9 + DHoztKyASJeCkVU0gxvYNWMUIQM7x//CB4 =' 'sha256-6iA6WDOL1mgUULZ6GSs2OOfP4eMuu6iI5agxCjK2m2A =' 'sha256-MammJ3J + TGIHdHxYsGLjD6DzRU0ZmxXKZ2DvTePAF0o ='.要么为'unsafe-inline'关键字,否则为哈希 ('sha256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o/i3e0v8 =')或随机数 ('nonce -...')是启用内联执行所必需的.
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' www.google/recaptcha/ www.gstatic/recaptcha/ 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o/i3e0v8=' 'sha256-WCg1a4AhMGgFRCQG5w+hgG+Q2j8Ygrbd+2dgjByIOIU=' 'sha256-ldCXMle1JJUAD9eAjLdSuPIgIBcTcBecWlaXs0A2y4M=' 'sha256-+zzuded9+DHoztKyASJeCkVU0gxvYNWMUIQM7x//CB4=' 'sha256-6iA6WDOL1mgUULZ6GSs2OOfP4eMuu6iI5agxCjK2m2A=' 'sha256-MammJ3J+TGIHdHxYsGLjD6DzRU0ZmxXKZ2DvTePAF0o='". Either the 'unsafe-inline' keyword, a hash ('sha256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o/i3e0v8='), or a nonce ('nonce-...') is required to enable inline execution.
如您在上面的哈希中所见,它显示了与我已经添加的哈希相同的哈希. 仍然我收到此错误.
As you can see in above hash it shows same hash to add as I have already added. still i am getting this error.
我正在使用布局页面上的meta标签添加所有这些标头值.
And I am adding all these header values using meta tag on a layout page.
推荐答案我明白了它
您只是想念在此描述的frame-src'self': 我正在我的网站上使用内容安全策略(CSP).如何配置它以与reCAPTCHA一起使用?
You´re just missing frame-src 'self' as descfribed here: I'm using Content-Security-Policy (CSP) on my website. How can I configure it to work with reCAPTCHA?
"style-src 'self' fonts.googleapis www.google/recaptcha/ www.gstatic/recaptcha/; script-src 'self' apis.google www.google/recaptcha/ www.gstatic/recaptcha/; frame-src 'self' www.google/recaptcha/; font-src 'self' fonts.gstatic; default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";如果您需要我的项目实施细节,我会很乐意为您提供.
If you need my implementation details on my project I´ll gladly give them to you.
更多推荐
Google Re
发布评论