Solved recaptcha csp bug (propably will lead to other bugs, which then need to be solved)

2025-11-04 12:18:17 +00:00 · 2025-06-02 19:14:48 +02:00
parent 28c298636d
commit cc9b634bb8
1 changed files with 6 additions and 5 deletions
--- a/filter_plugins/csp_filters.py
+++ b/filter_plugins/csp_filters.py
@@ -91,6 +91,7 @@ class FilterModule(object):
                'frame-ancestors',
                'frame-src',
                'script-src',
+                'script-src-elem',
                'style-src',
                'font-src',
                'worker-src',
@@ -115,11 +116,11 @@ class FilterModule(object):
                        tokens.append(f"{web_protocol}://{matomo_domain}")

                # ReCaptcha integration: allow loading scripts from Google if feature enabled
-                if (
-                    self.is_feature_enabled(applications, 'recaptcha', application_id)
-                    and directive == 'script-src'
-                ):
-                    tokens.append('https://www.google.com')
+                if self.is_feature_enabled(applications, 'recaptcha', application_id):
+                    if directive == 'script-src':
+                        tokens.append('https://www.google.com')
+                    if directive == 'script-src-elem':
+                        tokens.append('https://www.gstatic.com')

                # Enable loading via ancestors
                if (