Allow trusted types

[SomeBdyElse]

The extensions reCAPTCHA integration is currently incompatible with trusted types. Adding a CSP header Content-Security-Policy: require-trusted-types-for 'script'; to the http response currently breaks the reCAPTCHA integration.

Google itself allows for trusted types: https://developers.google.com/recaptcha/docs/v3#tips (3)

To activate them, the API URL needs to be changed to https://www.google.com/recaptcha/api.js?trustedtypes=true .

Right now it is possible to do so by modifying the TypoScript setup

# Include recaptcha with trusted types for CSP compatibility
page.includeJSFooterlibs.recaptcha = {$plugin.tx_recaptcha.api_server}{$plugin.tx_recaptcha.lang}&trustedtypes=true

I suggest to provide a TypoScript constant to activate trusted types and to activate it by default.

[garbast]

The extension is not compatible with v3. Further more the latest commit in develop branch improves the security by improved CSP compatibility. If you need trusted types, you can add them in your typoscript. There is nothing wrong to change some TypoScript setup beyond constants.

The aim of the extension is not to solve everyones problems but to deliver a 80% solution. Recaptcha v3 is fare to complex to integrate in a generalized extension.

[SomeBdyElse]

OK, no worries. Just for the record: The &trustedtypes=true parameter also works for Google reCAPTCHA v2.