Edward

Reputation: 105

Refused to load the script 'https://www.google.com/recaptcha/api.js'

I continue to get an error stating "Refused to load the script 'https://www.google.com/recaptcha/api.js' because it violates the following Content Security Policy directive: "script-src 'self' xxxxxxxxxxxxx" Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback." I got the same error when disabling Chrome security via the command chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security. I did see that the Google developer guide says to use a nonce in the reCAPTCHA API script tag. I suspect a server has the policy. How do I get the nonce value? Why can I not disable Chrome security to test my code? I am using an ASP.NET MVC website. I have also tried a meta tag in the view, unsuccessfully.

Upvotes: 0

Views: 5401

Answers (1)

Halvor Sakshaug

Reputation: 3465

The first thing you need to do is to add www.google.com or https://www.google.com to your script-src directive. Currently it refuses to load the initial script.

You generate a random value for the nonce. Seems like you need to insert it into the script tag. You also have to insert it into your CSP.

Upvotes: 1
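
One way to do what the answer above describes in ASP.NET MVC 5, as an added example that is not part of the original answer: a filter generates a fresh nonce per request, puts it in the CSP header, and exposes it to the view for the script tag. The class name `CspNonceAttribute` and the `csp-nonce` item key are hypothetical, and the policy assumes the site needs only `'self'` plus the reCAPTCHA script.

```csharp
using System;
using System.Security.Cryptography;
using System.Web.Mvc;

// Added example. Apply as [CspNonce] on a controller or register it as a global filter.
public sealed class CspNonceAttribute : ActionFilterAttribute
{
    // Hypothetical key under which the nonce is shared with the view.
    public const string ItemKey = "csp-nonce";

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // 16 bytes from the CSPRNG, regenerated for every response.
        // A nonce that repeats or can be predicted gives no protection.
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        string nonce = Convert.ToBase64String(bytes);

        var http = filterContext.HttpContext;
        http.Items[ItemKey] = nonce;

        // The same value must appear here and in the script tag's nonce attribute.
        http.Response.AddHeader("Content-Security-Policy", BuildPolicy(nonce));

        base.OnActionExecuting(filterContext);
    }

    // script-src with the host the browser refused, plus the per-request nonce.
    public static string BuildPolicy(string nonce)
    {
        return "script-src 'self' 'nonce-" + nonce + "' https://www.google.com";
    }
}

// In the Razor view, the script tag carries the same value:
//
// <script src="https://www.google.com/recaptcha/api.js"
//         nonce="@Context.Items[CspNonceAttribute.ItemKey]" async defer></script>
```

If another layer (for example web.config or a proxy) already sends a Content-Security-Policy header, the browser enforces both policies, so that existing policy has to be changed or removed rather than supplemented.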
