Can't sign up due to Content-Security-Policy issue

petronny
When opening https://www.zotero.org/user/register, the captcha iframe doesn't show up.

The console says,
Refused to frame 'https://www.recaptcha.net/' because it violates the following Content Security Policy directive: "frame-src 'self' https://www.google.com".

I find some discussions about this on stackoverflow.
https://stackoverflow.com/questions/39853162/recaptcha-with-content-security-policy

Could you fix this ASAP?
  • dstillman
    What browser and version?
  • petronny
    Tested on Google chrome 78.0.3904.70 (32 bit)
    and Microsoft Edge 44.18362.449.0
  • fcheslack
    That github issue is unrelated (that was due to a bug in recaptcha that they fixed and generated a different error than you're reporting).

    I couldn't reproduce this on Chrome or Edge with the old settings, but I know certain versions of Edge at least have treated the frame and calling script domains differently, so I've added both to the allowed frame rule. Hopefully that solves the problem for you. This is working for most users.
  • petronny
    And it works! Thank you.

This is an old discussion that has not been active in a long time. Before commenting here, you should strongly consider starting a new discussion instead. If you think the content of this discussion is still relevant, you can link to it from your new discussion.

Sign In or Register to comment.