I'm trying to embed hCaptcha into a website, but it won't accept the Content-Security-Policy I set in the meta head or by setting the header directly in Chrome and Firefox.
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com" />
More readable format:
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com;
frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com;
style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com
It's the same string for the header (using Go). Right now I'm just trying to get the meta tag to work. This is the error I get in Chrome:
And in Firefox:
What am I doing wrong? I think it started with the latest Chrome and Firefox update and worked before?

