-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSP Not Showing Google Recaptcha #41
Comments
How can I change this chunk into externalized-jinja-happy template https://github.com/haoqili/MozSecWorld/blob/master/apps/msw/captcha.py#L33-44 |
…ined, context_processors, how do I put python into javascript? let me try hard coding the Server and Public key. big mess
^ trying to copy https://github.com/jbalogh/zamboni/blob/master/apps/amo/templates/amo/recaptcha_js.html, get "global name 'settings' is not defined" error |
…xternal js (from same origin, from haoqili.scripts.mit.edu work. Something is wrong with Google Recaptcha and CSP. Possibly 3rd party domains? mcoates debugged with me. --> will ask bsterne
^ latest push has https://github.com/haoqili/MozSecWorld/blob/7b4cff394aae590a637c7ad95a79c87dc5e33a29/apps/msw/recaptcha_test.py that gets new challenge strings from recaptcha every time with the challenge string, append it to the end of "https://www.google.com/recaptcha/api/image?c=" to get a new recaptcha image |
Great resource found! https://github.com/mozilla/django-recaptcha |
Django-recaptcha uses the same recaptcha backend, with the "displayhtml()" function that contains the in-body javascript. The only difference is that they have a custom display. Let me try that. |
New Firebug bug call to setInterval blocked by CSP recaptcha.js (line 23) Because setInterval() is blocked by CSP. Set it by: https://github.com/mozilla/django-csp/blob/master/README.rst |
…ster's custom RecaptchaOptions to avoid in-body script. BT2: have to allow setInterval like 'CSP_OPTIONS = ("eval-script",)'. Q1 #45 How come amo register does not have "setInterval blocked by CSP" problem even without CSP_OPTIONS?
2 break throughs, 1 question. |
In firebug
I saw the same bug and they fixed it by updating jQuery to 1.5. Well I updated it to 1.6.2 and it's still not working!
(also check out #40)
The text was updated successfully, but these errors were encountered: