Magento 2.3.5 Content Security Policy false script src

magento.stackexchange https://magento.stackexchange.com/questions/313297

  •  14-04-2021
  •  | 
  •  

Question

Some external script cannot be whitelisted I have called this app/code/modul_modul/etc/csp_whitelist.xml

    <policy id="script-src">
        <values>
            <value id="unsafe-inline" type="host">https://www.googletagmanager.com</value>
            <value id="google" type="host">wwww.gstatic.com/recaptcha</value>

        </values>
    </policy>

Any idea, I need to be whitelisted Google recaptcha some external script

Était-ce utile?

La solution

I think You need to add following rules for google recaptcha:

    <policy id="script-src">
        <values>
            <value id="google-recaptcha" type="host">https://www.google.com/recaptcha/</value>
            <value id="gstatic" type="host">https://www.gstatic.com/</value>
        </values>
    </policy>
    <policy id="frame-src">
        <values>
            <value id="google" type="host">https://www.google.com/</value>
        </values>
    </policy>
    <policy id="img-src">
        <values>
            <value id="doubleclick" type="host">https://stats.g.doubleclick.net/</value>
        </values>
    </policy>
Licencié sous: CC-BY-SA avec attribution
Non affilié à magento.stackexchange
scroll top