
Thursday, December 4, 2014

Re: Content Security Policy (CSP) with recaptcha v2

To make things worse I just found out that it seems to load different scripts when using different browsers. The previously stated URLs are valid for Firefox 34.

Chrome 39 seems to also load scripts from the following URLs:
http://bit.ly/1vPHqu6
http://bit.ly/1vPsnSk

the complete domains have to be whitelisted in order to work in all browsers, but that's a lot of work required for testing :(

(Note that in order to use the paths CSP >= 1.1 is required anyways)

On Thursday, December 4, 2014 10:52:09 AM UTC+1, sebasti...@gmail.com wrote:

So far I've seen the following URLs which I had to allow:
iframe content from http://bit.ly/1vPHry8 from http://bit.ly/1FRGPMX from http://bit.ly/1eCg7Yn http://bit.ly/1ydxrCc http://bit.ly/1FRGPfH
for styles 'unsafe-inline' has to be allowed.

Sebastian

On Thursday, December 4, 2014 5:41:10 AM UTC+1, Sean Fujiwara wrote:

I also had to modify my CSP, so I think it would be nice to have a note in the documentation. Sebastian, are you seeing anything besides "www.gstatic.com"?

Sean

On Wednesday, December 3, 2014 10:11:47 AM UTC-8, sebasti...@gmail.com wrote:

Hi,

as I couldn't find any hints on the official documentation, does anybody know the correct way of using the new recaptcha API with a strict CSP?

So far I only found several URLs which have to be whitelisted by trial and error with the developer console of the browser, but that approach is rather error prone as you can easily miss URLs with the large amount of different display options (the memory for mobile devices probably also needs a lot of resources, etc). Especially if the API implementation changes this can cause severe issues.

Regards,
Sebastian
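An alternative to the console trial and error described in this thread, added here as an example and not part of the original posts or of the reCAPTCHA documentation: serve the strict policy as `Content-Security-Policy-Report-Only` with a `report-uri`, then aggregate the violation reports per directive and per browser. The reports, the browser tags and every host except www.gstatic.com are constructed placeholders, and the function names are hypothetical.

```javascript
// Constructed CSP violation reports; hosts other than www.gstatic.com are placeholders.
const rep = (ua, directive, blocked) =>
  ({ ua, report: { "csp-report": { "violated-directive": directive, "blocked-uri": blocked } } });
const sampleReports = [
  rep("firefox", "script-src 'self'", "https://www.gstatic.com/placeholder/a.js"),
  rep("chrome", "script-src 'self'", "https://www.gstatic.com/placeholder/a.js"),
  rep("chrome", "script-src 'self'", "https://scripts.example/b.js"),
  rep("firefox", "frame-src 'self'", "https://frames.example/widget"),
  rep("chrome", "frame-src 'self'", "https://frames.example/widget"),
  rep("firefox", "style-src 'self'", "inline"),
  rep("chrome", "img-src 'self'", "data"), // not an origin: skipped, review by hand
];

// Map a blocked-uri to a CSP source expression, or null when it is not an http(s) URL.
function toSource(blockedUri) {
  if (blockedUri === "inline") return "'unsafe-inline'"; // keyword, not an origin
  try {
    const u = new URL(blockedUri);
    return /^https?:$/.test(u.protocol) ? u.origin : null;
  } catch (e) { return null; }
}

// Build directive -> source -> Set of browsers that reported it.
function collect(entries) {
  const seen = new Map();
  for (const { ua, report } of entries) {
    const r = (report && report["csp-report"]) || {};
    const directive = String(r["effective-directive"] || r["violated-directive"] || "").split(/\s+/)[0];
    const source = toSource(String(r["blocked-uri"] || ""));
    if (!directive || !source) continue;
    const bySource = seen.get(directive) || seen.set(directive, new Map()).get(directive);
    if (!bySource.has(source)) bySource.set(source, new Set());
    bySource.get(source).add(ua);
  }
  return seen;
}

// One "directive source ..." line per directive, sorted for stable output.
const additions = (seen) => [...seen.keys()].sort()
  .map((d) => `${d} ${[...seen.get(d).keys()].sort().join(" ")}`);

// Sources not reported by every tested browser: what single-browser testing misses.
function partialCoverage(seen, browsers) {
  const out = [];
  for (const [d, bySource] of seen)
    for (const [s, uas] of bySource)
      if (uas.size < browsers.length) out.push(`${d} ${s} (only ${[...uas].sort().join(", ")})`);
  return out.sort();
}
```

Each `'unsafe-inline'` entry is a decision to review, not one to copy into the enforced policy automatically.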
