Relating to the issue, but the fix there does not solve my issue: Content Security Policy - Including A Script
On Firefox 64.0.2, with reCaptch.MVC (https://www.nuget.org/packages/reCAPTCH.MVC/) installed on top of latest Umbraco installation, the reCaptcha fails to appear on Firefox. It appears on Chrome and all other browsers, but not on Firefox.
I have read about nonces but do not understand how I'd implement it into this plugin. Could anyone explain?
These are the errors:
Content Security Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified Content Security Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified Content Security Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified
I have tried setting content policy like this, in web.config instead of meta tags, but it ends up blocking more content, than unblocking:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="script-src 'self' 'unsafe-inline' https://www.google.com https://maps.googleapis.com https://www.gstatic.com" />
</customHeaders>
</httpProtocol>
</system.webServer>
Tried this too just to try anything:
<add name="Content-Security-Policy" value="*" />
How do I fix this warning and hopefully make it appear in Firefox?
