SaaS CMS has officially launched! Learn more now.

reCaptcha v3 Console Error for Content Security Policy



I have added Forms.Samples 3.7 in my episerver solution to include reCaptcha v3.After inclusion,I was able to see reCaptcha element within form elements in episerver which i have included in one of the episerver form.Running the application gives me the reCaptcha icon on the page that is used to validate before form submission.

To emulate a robotic behavior & reject form submission to verify the working of reCaptcha ,i have included chrome extension Mod header for the same & the rejection of form works.

However,when I land on the page where the recaptcha form is,i get an error in console related to content security policy. Assuming ,this might be something restricting on my application site,i tried to implement the same in Alloy site & the issue is still the same.Here's a snap of the error in alloy site.

This does not hinders the reCaptcha funcctionality but i would like to understand why this error in console.If this is a bug related to v3.

Kindly advise.

Note:The error is same in firefox console as well but as a warning.


Jun 28, 2021 10:43

It sounds like you've got a security policy in place in your solution. So like anything that client side you'll have to add the domains you can see in the errors to it. 

Jun 28, 2021 12:03
Farhin - Jun 28, 2021 12:29
Thanks for the response.
Please excuse me as I am not sure I am following you. If you could elaborate more on this please. Which domain within the error are you referring? Also, as I mentioned , the console error is not specific to my application. I have spun up the sample alloy site & the error is there as well or are you referring to the policy within an organization?
Scott Reed - Jun 28, 2021 12:37
Sorry I missed the part about trying it on Alloy. The error seems to be just saying that the configuration is incorrect, it may be coming from the script itself in it's headers. Not sure without looking and I'm working atm
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.