Hi Team,
We are implementing the content security policy as per https://success.outsystems.com/documentation/10/managing_the_applications_lifecycle/secure_the_applications/apply_content_security_policy/
This (by default) has script-src = self, and this blocks reCAPTCHA.
Explicitly permitting https://www.google.com/recaptcha/api.js?onload=onLoadCallback&render=explicit got us further, but then we got blocked on https://www.gstatic.com/recaptcha/
We then tried wildcarding, but this did not work either.
Can you please let us know what settings are required/recommended?
Many thanks,
Andy
Hi,
I have experience, and this is what we put:
self
*.google.com
*.gstatic.com
(Please note that Google uses some other links, and you need to keep adding the Google links to the CSP.)
And check the log in Service Center; it has more detail on what to put.
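
The matching behaviour behind this thread, as an added example that is not part of either post or of OutSystems: a simplified JavaScript model of how a script URL is compared against `script-src` entries, run over the default list, the single-URL entry, the wildcard list from the reply, and a narrower path-prefix list. Assumptions: the page origin and the gstatic file path are constructed, the query string on the allow-list entry is dropped, and ports, nonces and hashes are not modelled.

```javascript
// Simplified model of CSP host-source matching. Ports, nonces and hashes are ignored.
function sourceMatches(expr, url, pageOrigin) {
  const target = new URL(url);
  // Accept the header keyword 'self' and the bare spelling used in the posts.
  if (expr === "'self'" || expr === "self") return target.origin === pageOrigin;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/]+)(\/.*)?$/i.exec(expr);
  if (!m) return false;
  const [, scheme, host, path] = m;
  // With no scheme in the entry, the page's scheme applies; http entries also allow https.
  const wanted = (scheme || new URL(pageOrigin).protocol.slice(0, -1)).toLowerCase();
  const actual = target.protocol.slice(0, -1);
  if (actual !== wanted && !(wanted === "http" && actual === "https")) return false;
  const h = host.toLowerCase();
  if (h.startsWith("*.")) {
    // "*.google.com" covers www.google.com but not the bare google.com.
    if (!target.hostname.endsWith(h.slice(1))) return false;
  } else if (target.hostname !== h) {
    return false;
  }
  if (!path || path === "/") return true;
  // Trailing "/" means prefix match, otherwise exact; the URL's query string is not compared.
  return path.endsWith("/") ? target.pathname.startsWith(path) : target.pathname === path;
}

// Returns the URLs that no entry in the script-src list allows.
function blockedScripts(scriptSrc, urls, pageOrigin) {
  return urls.filter((u) => !scriptSrc.some((e) => sourceMatches(e, u, pageOrigin)));
}

const PAGE = "https://apps.example.com"; // constructed page origin
const SCRIPTS = [
  "https://www.google.com/recaptcha/api.js?onload=onLoadCallback&render=explicit",
  "https://www.gstatic.com/recaptcha/releases/EXAMPLE/recaptcha__en.js", // constructed path
];
const POLICIES = {
  defaultSelf: ["'self'"],
  // Entry from the question, with its query string dropped for this model.
  singleUrl: ["'self'", "https://www.google.com/recaptcha/api.js"],
  wildcardHosts: ["self", "*.google.com", "*.gstatic.com"], // list from the reply
  // Narrower alternative: path prefixes taken from the URLs in the question.
  pathPrefixes: ["'self'", "https://www.google.com/recaptcha/", "https://www.gstatic.com/recaptcha/"],
};
for (const [name, list] of Object.entries(POLICIES)) {
  console.log(name, "blocks", blockedScripts(list, SCRIPTS, PAGE));
}
```

In this model the wildcard list also admits scripts from every other google.com and gstatic.com subdomain, while the path-prefix list admits only the two reCAPTCHA paths.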