Forum Discussion
captcha not show after enable header security
- Aug 21, 2023
You need then to allow google recaptcha URLs. Something like that:
if {!([HTTP::header exists "Content-Security-Policy"])} { HTTP::header insert Content-Security-Policy "default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self'; font-src 'self'; img-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; upgrade-insecure-requests" }
Frequently Asked Questions | reCAPTCHA | Google for Developers
What exact captcha are you referring to?
What is the security headers configuration you've implemented?
the format that i inspect png, and image broken
i removed this rule and the captcha show again, i dont know what exactly should i modify this parameter
if {!([HTTP::header exists "Content-Security-Policy"])} {
HTTP::header insert Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self'; frame-src 'self'; upgrade-insecure-requests"
Thanks
- Amine_KadimiAug 18, 2023MVP
You didn't mention what kind of captcha you are using (recaptcha, hcaptcha, self made captcha ...). If this is an external service (hCaptcha, reCaptcha) you will have to tweak you rules a little bit.
- Anzine321Aug 21, 2023Altocumulus
reCaptcha by google developer, i dont know how to modify irule, do you have any suggestion or reference ?
Thanks
- Amine_KadimiAug 21, 2023MVP
You need then to allow google recaptcha URLs. Something like that:
if {!([HTTP::header exists "Content-Security-Policy"])} { HTTP::header insert Content-Security-Policy "default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self'; font-src 'self'; img-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; upgrade-insecure-requests" }
Frequently Asked Questions | reCAPTCHA | Google for Developers
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com