Google Re-captcha的内容安全政策标头指令 [英] Content Security Policy header directive for Google Re-captcha
问题描述
Content Security Policy header directive for Google Re-captcha
我为google re-captcha添加了以下指令,但是我仍然无法获取recaptcha__en.js的错误
I have added following directive for google re-captcha but still I am getting error for recaptcha__en.js
"script-src 'self' https://www.google.com/recaptcha/
https://www.gstatic.com/recaptcha/
"style-src 'self' https://www.google.com/recaptcha/
https://www.gstatic.com/recaptcha/
尝试随机数
"script-src 'self' 'nonce-GoogleRecaptcha' "
"style-src 'self' 'nonce-GoogleRecaptcha' "
<script src='https://www.google.com/recaptcha/api.js' nonce="GoogleRecaptcha" async defer></script>
还尝试添加所有需要的哈希
And also tried to add all the needed hashes
拒绝应用内联样式,因为它违反了以下规定 内容安全策略指令:"style-src'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw =' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0 =' 'sha256-LpfmXS + 4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE =' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB + qmKgThG52u/Mk =' 'sha256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o/i3e0v8 =' 'sha256-WCg1a4AhMGgFRCQG5w + hgG + Q2j8Ygrbd + 2dgjByIOIU =' 'sha256-ldCXMle1JJUAD9eAjLdSuPIgIBcTcBecWlaXs0A2y4M =' 'sha256- + zzuded9 + DHoztKyASJeCkVU0gxvYNWMUIQM7x//CB4 =' 'sha256-6iA6WDOL1mgUULZ6GSs2OOfP4eMuu6iI5agxCjK2m2A =' 'sha256-MammJ3J + TGIHdHxYsGLjD6DzRU0ZmxXKZ2DvTePAF0o ='.要么为'unsafe-inline'关键字,否则为哈希 ('sha256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o/i3e0v8 =')或随机数 ('nonce -...')是启用内联执行所必需的.
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o/i3e0v8=' 'sha256-WCg1a4AhMGgFRCQG5w+hgG+Q2j8Ygrbd+2dgjByIOIU=' 'sha256-ldCXMle1JJUAD9eAjLdSuPIgIBcTcBecWlaXs0A2y4M=' 'sha256-+zzuded9+DHoztKyASJeCkVU0gxvYNWMUIQM7x//CB4=' 'sha256-6iA6WDOL1mgUULZ6GSs2OOfP4eMuu6iI5agxCjK2m2A=' 'sha256-MammJ3J+TGIHdHxYsGLjD6DzRU0ZmxXKZ2DvTePAF0o='". Either the 'unsafe-inline' keyword, a hash ('sha256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o/i3e0v8='), or a nonce ('nonce-...') is required to enable inline execution.
如您在上面的哈希中所见,它显示了与我已经添加的哈希相同的哈希. 仍然我收到此错误.
As you can see in above hash it shows same hash to add as I have already added. still i am getting this error.
我正在使用布局页面上的meta标签添加所有这些标头值.
And I am adding all these header values using meta tag on a layout page.
推荐答案
我明白了它
You´re just missing frame-src 'self' as descfribed here: I'm using Content-Security-Policy (CSP) on my website. How can I configure it to work with reCAPTCHA?
"style-src 'self' https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
script-src 'self' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;
frame-src 'self' https://www.google.com/recaptcha/;
font-src 'self' https://fonts.gstatic.com;
default-src 'self';
object-src 'none';
frame-ancestors 'none';
sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
如果您需要我的项目实施细节,我会很乐意为您提供.
If you need my implementation details on my project I´ll gladly give them to you.
这篇关于Google Re-captcha的内容安全政策标头指令的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
