Magento 2.3.5 Content Security Policy false script src
-
14-04-2021 - |
Question
Some external script cannot be whitelisted I have called this app/code/modul_modul/etc/csp_whitelist.xml
<policy id="script-src">
<values>
<value id="unsafe-inline" type="host">https://www.googletagmanager.com</value>
<value id="google" type="host">wwww.gstatic.com/recaptcha</value>
</values>
</policy>
Any idea, I need to be whitelisted Google recaptcha some external script
La solution
I think You need to add following rules for google recaptcha:
<policy id="script-src">
<values>
<value id="google-recaptcha" type="host">https://www.google.com/recaptcha/</value>
<value id="gstatic" type="host">https://www.gstatic.com/</value>
</values>
</policy>
<policy id="frame-src">
<values>
<value id="google" type="host">https://www.google.com/</value>
</values>
</policy>
<policy id="img-src">
<values>
<value id="doubleclick" type="host">https://stats.g.doubleclick.net/</value>
</values>
</policy>
Licencié sous: CC-BY-SA avec attribution
Non affilié à magento.stackexchange