Where can we see the website?
Sure. Pretty much every WordPress with installed Contact Form 7 and activated Google reCAPTCHA. I’ve just created a fresh installation for better understanding:
https://demo.megl.in
The above page is a complete fresh installation without any other plugins installed.
Additionally, I tested it in other browsers. With the following result:
Firefox (v69.0.2)
Content Security Policy: Ignorieren von “‘unsafe-inline'” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “https:” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “http:” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “‘unsafe-inline'” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “https:” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “http:” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “‘unsafe-inline'” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “https:” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “http:” innerhalb script-src: ‘strict-dynamic’ angegeben
Safari (v12.1.2)
[Error] The source list for Content Security Policy directive ‘script-src’ contains an invalid source: ”strict-dynamic”. It will be ignored.
[Error] The source list for Content Security Policy directive ‘script-src’ contains an invalid source: ”strict-dynamic”. It will be ignored. (x2)
Obviously, the problem should be the Google ReCAPTCHA script. Any suggestions for a workaround?
I have the same issue, it been over a month; any update?
Hello,
Any news on this? Chrome v80 is already out and there’s no fix for this yet?
https://www.chromium.org/updates/same-site
Hi guys,
I don’t have a solution, but I have a workaround to reduce the warning only to the pages with a contact form:
/**
* Removes the CF7 scripts if the shortcode is not on the page
*/
function mm_deregister_cf7_scripts() {
if (class_exists('WPCF7')) {
global $wp_query;
$content = '';
if ($wp_query->post) :
$content = $wp_query->post->post_content;
endif;
if (!has_shortcode($content, 'contact-form-7')) {
wp_deregister_script('google-recaptcha');
wp_deregister_script('contact-form-7');
}
}
}
add_action('wp_enqueue_scripts', 'mm_deregister_cf7_scripts');
This workaround also has the additional advantage that the CF7 JavaScript is not loaded unnecessarily.
-
This reply was modified 3 years, 10 months ago by Oleg Meglin.