我已经为google re-captcha添加了以下指令,但我仍然收到了recaptcha__en.js的错误
"script-src 'self' https://www.google.com/recaptcha/
https://www.gstatic.com/recaptcha/
"style-src 'self' https://www.google.com/recaptcha/
https://www.gstatic.com/recaptcha/
尝试使用nonce
"script-src 'self' 'nonce-GoogleRecaptcha' "
"style-src 'self' 'nonce-GoogleRecaptcha' "
<script src='https://www.google.com/recaptcha/api.js' nonce="GoogleRecaptcha" async defer></script>
还尝试添加所有需要的哈希
拒绝应用内联样式,因为它违反了以下内容 内容安全政策指令:&#34; style-src&#39; self&#39; https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ &#39; SHA256-CwE3Bg0VYQOIdNAkbB / Btdkhul49qZuwgNCMPgNY5zw =&#39; &#39; SHA256-MZKTI0Eg1N13tshpFaVW65co / LeICXq4hyVx6GWVlK0 =&#39; &#39; SHA256-LpfmXS + 4ZtL2uPRZgkoR29Ghbxcfime / CSD / 4w5VujE =&#39; &#39; SHA256-YJO / M9OgDKEBRKGqp4Zd07dzlagbB + qmKgThG52u / MK =&#39; &#39; SHA256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o / i3e0v8 =&#39; &#39; SHA256-WCg1a4AhMGgFRCQG5w + HGG + Q2j8Ygrbd + 2dgjByIOIU =&#39; &#39; SHA256-ldCXMle1JJUAD9eAjLdSuPIgIBcTcBecWlaXs0A2y4M =&#39; &#39; sha256- + zzuded9 + DHoztKyASJeCkVU0gxvYNWMUIQM7x // CB4 =&#39; &#39; sha256-6iA6WDOL1mgUULZ6GSs2OOfP4eMuu6iI5agxCjK2m2A =&#39; &#39; SHA256-MammJ3J + TGIHdHxYsGLjD6DzRU0ZmxXKZ2DvTePAF0o =&#39;&#34 ;. “不安全 - 内联”和“不安全”。关键字,哈希 (&#39; sha256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o / i3e0v8 =&#39;),或者一个nonce (&#39; nonce -...&#39;)是启用内联执行所必需的。
正如您在上面的哈希中所看到的那样,它显示了我添加的相同哈希值。 我仍然得到这个错误。
我在布局页面上使用元标记添加所有这些标头值。
答案 0 :(得分:0)
我可以正常工作
您只是缺少frame-src'self',如此处所述: I'm using Content-Security-Policy (CSP) on my website. How can I configure it to work with reCAPTCHA?
"style-src 'self' https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
script-src 'self' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
frame-src 'self' https://www.google.com/recaptcha/;
font-src 'self' https://fonts.gstatic.com;
default-src 'self';
object-src 'none';
frame-ancestors 'none';
sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
如果您需要我的项目实施细节,我会很乐意为您提供。