CSP Not Showing Google Recaptcha #41
Comments
|
How can I change this chunk into externalized-jinja-happy template https://github.com/haoqili/MozSecWorld/blob/master/apps/msw/captcha.py#L33-44 |
…ined, context_processors, how do I put python into javascript? let me try hard coding the Server and Public key. big mess
|
^ trying to copy https://github.com/jbalogh/zamboni/blob/master/apps/amo/templates/amo/recaptcha_js.html, get "global name 'settings' is not defined" error |
…xternal js (from same origin, from haoqili.scripts.mit.edu work. Something is wrong with Google Recaptcha and CSP. Possibly 3rd party domains? mcoates debugged with me. --> will ask bsterne
|
^ latest push has https://github.com/haoqili/MozSecWorld/blob/7b4cff394aae590a637c7ad95a79c87dc5e33a29/apps/msw/recaptcha_test.py that gets new challenge strings from recaptcha every time with the challenge string, append it to the end of "https://www.google.com/recaptcha/api/image?c=" to get a new recaptcha image |
|
Great resource found! https://github.com/mozilla/django-recaptcha |
|
Django-recaptcha uses the same recaptcha backend, with the "displayhtml()" function that contains the in-body javascript. The only difference is that they have a custom display. Let me try that. |
|
New Firebug bug call to setInterval blocked by CSP recaptcha.js (line 23) Because setInterval() is blocked by CSP. Set it by: https://github.com/mozilla/django-csp/blob/master/README.rst |
…ster's custom RecaptchaOptions to avoid in-body script. BT2: have to allow setInterval like 'CSP_OPTIONS = ("eval-script",)'. Q1 #45 How come amo register does not have "setInterval blocked by CSP" problem even without CSP_OPTIONS?
|
2 break throughs, 1 question. |
In firebug
CSP: Directive "inline script base restriction" violated Recaptcha.widget = Recaptcha.$("recaptch...I saw the same bug and they fixed it by updating jQuery to 1.5. Well I updated it to 1.6.2 and it's still not working!
(also check out #40)
The text was updated successfully, but these errors were encountered: