According to the ReCaptcha FAQ:
script-src https://www.google.com/recaptcha/, https://www.gstatic.com/recaptcha/
frame-src https://www.google.com/recaptcha/, https://recaptcha.google.com/recaptcha/
Thread Starter
Jaso
(@subwebsites)
please explain exactly how its supposed to be typed in here please:
https://prnt.sc/1DWVoRrMZPn7
If you need to allow *.google.com, you can try:
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com *.youtu.be *.googleapis.com *.google.com https://www.gstatic.com/recaptcha/; frame-src *.google.com;
If you don’t need to allow *.google.com, try:
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com *.youtu.be *.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;
Thread Starter
Jaso
(@subwebsites)
Your code to allow ReCaptcha frame still doesnt allow the frame to appear as seen here:
https://prnt.sc/CGbWjN3wKdPc
Whats next ?
Open your browser’s console and paste here the error message that explains what it is blocking the frame.
To open the console:
-Edge, Chrome and Chromium browsers: CTRL + Shift + i
-FireFox: CTRL + Shift + e
Here’s an example of a frame blocked by the policy:
Thread Starter
Jaso
(@subwebsites)
Noticed : https://prnt.sc/6_lW154_J6FN also blocking Google maps.
I reckon there needs to a code list to copy/paste into these settings from somewhere as this is NOT easy to configure
I can see 3 errors in your screenshot:
You need to remove the two * preceeding https.
script-src *https://www.google.com/recaptcha/.....
And:
frame-src *https://www.google.com/recaptcha/.....
There are also 2 occurrences of script-src. Remove the second one.
Thread Starter
Jaso
(@subwebsites)
Ok, can you please correct this code as this is just taking too long to happen:
script-src frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com *.youtu.be *.googleapis.com *.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
I need Recaptcha & Maps to function correctly
Thank you kindly
This is the corrected code:
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com *.youtu.be *.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;
Test if it works and check the browser’s console. If there was an error in the console, paste it here.
Thread Starter
Jaso
(@subwebsites)
Thank you very muchly, most appreciated
Thread Starter
Jaso
(@subwebsites)
now again theres a problem.
think you need to fix this issue about it being blocked, especially on mobile !
whats the point having recaptcha when this is blocking it
Thread Starter
Jaso
(@subwebsites)
This does not work on mobile devices,
This screen shot from Mobile: https://prnt.sc/Q2z-k3c8gf_V
This screen shot from desktop: https://prnt.sc/-YNresCrdxGe
That’s the evidence I see
If you enable “Content-Security-Policy”, you need to configure them according to your site. There’s no generic rules because each site is unique. If you’re facing too many issues with them, disable them. That’s the reason why we don’t activate them by default.
Here’s some good documentation about CSP:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://developers.google.com/web/fundamentals/security/csp/
