cloudflare / cloudflare-docs

Cloudflare’s documentation
https://developers.cloudflare.com
Creative Commons Attribution 4.0 International

Content-Security-Policy for Cloudflare Turnstile #6069

Closed Haocen closed 2 years ago

Haocen commented 2 years ago

Which Cloudflare product(s) does this pertain to?

Bots

Subject Matter

Need CSP configuration manual for Cloudflare Turnstile

Content Location

https://github.com/cloudflare/cloudflare-docs/blob/production/content/turnstile/get-started/client-side-rendering.md

Additional information

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.

As of now, I have noticed that Turnstile loads a script from challenges.cloudflare.com and embeds an iframe pointing to the same domain. I wonder what other CSP rules I need to touch to ensure Turnstile operates properly.
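The issue describes exactly two loads that a CSP has to permit: a script and an iframe, both from https://challenges.cloudflare.com. The block below is an added example, not code from the issue author or from Cloudflare's documentation: a small CSP parser that follows the script-src and frame-src fallback chains (frame-src, then child-src, then default-src; script-src, then default-src) and reports whether a given policy permits those two loads. The directive values in TURNSTILE_CSP are an assumption derived from the description above, not a quotation of the FAQ, and the checker simplifies the spec (ports and path matching are ignored, a scheme-less host matches any scheme).

```javascript
// Added example (not from the cloudflare-docs page or the issue author):
// check whether a Content-Security-Policy permits the two loads the issue
// describes for Turnstile, a <script> and an <iframe> from this origin.
const TURNSTILE_ORIGIN = "https://challenges.cloudflare.com";

// Parse a CSP header value into a Map of directive name -> source list.
// A repeated directive is ignored (the first occurrence wins), as in browsers.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Fallback chains for the two fetch directives Turnstile depends on.
const FALLBACK = {
  "script-src": ["script-src", "default-src"],
  "frame-src": ["frame-src", "child-src", "default-src"],
};

// Return the source list that actually governs `directive`, or null when
// no directive in the chain is present (CSP then does not restrict it).
function effectiveSources(directives, directive) {
  for (const name of FALLBACK[directive] ?? [directive]) {
    if (directives.has(name)) return directives.get(name);
  }
  return null;
}

// Does one source expression match the target origin? Simplified matching:
// ports and paths are ignored, a scheme-less host-source matches any scheme.
function sourceMatches(expr, targetUrl, pageOrigin) {
  const target = new URL(targetUrl);
  const lower = expr.toLowerCase();
  if (lower === "'none'") return false;
  if (lower === "'self'") return target.origin === pageOrigin;
  if (lower === "*") return true;
  if (lower.startsWith("'")) return false; // nonce/hash/keyword: not a host match
  if (/^[a-z][a-z0-9+.-]*:$/.test(lower)) return lower === target.protocol; // e.g. https:
  let scheme = null;
  let rest = lower;
  const m = rest.match(/^([a-z][a-z0-9+.-]*):\/\/(.*)$/);
  if (m) {
    scheme = m[1];
    rest = m[2];
  }
  if (scheme && scheme !== target.protocol.slice(0, -1)) return false;
  const host = rest.split("/")[0].split(":")[0];
  if (host.startsWith("*.")) {
    // *.example.com matches subdomains but not the bare apex.
    return target.hostname.endsWith(host.slice(1)) && target.hostname !== host.slice(2);
  }
  return target.hostname === host;
}

// True when `header` lets `directive` load from `targetUrl`.
function allows(header, directive, targetUrl, pageOrigin = "https://example.com") {
  const sources = effectiveSources(parseCsp(header), directive);
  if (sources === null) return true;
  return sources.some((s) => sourceMatches(s, targetUrl, pageOrigin));
}

// Report whether a policy permits the Turnstile script and the Turnstile iframe.
function turnstileCspReport(header) {
  return {
    script: allows(header, "script-src", TURNSTILE_ORIGIN),
    frame: allows(header, "frame-src", TURNSTILE_ORIGIN),
  };
}

// Constructed sample policies. STRICT_CSP blocks both loads; TURNSTILE_CSP is
// the same policy with the assumed Turnstile allowances added.
const STRICT_CSP = "default-src 'self'; script-src 'self'; frame-src 'none'";
const TURNSTILE_CSP =
  "default-src 'self'; script-src 'self' https://challenges.cloudflare.com; " +
  "frame-src https://challenges.cloudflare.com";

console.log("strict:", turnstileCspReport(STRICT_CSP));
console.log("with Turnstile allowances:", turnstileCspReport(TURNSTILE_CSP));
```

Running it shows the strict policy failing both checks and the extended policy passing both; the fallback chain matters in practice, because a site that sets only default-src or only child-src may already permit the iframe without an explicit frame-src.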

punkeel commented 2 years ago

Hi @Haocen, thanks for the report! The recommended CSP is documented in the FAQ. Let us know if that answers your needs