excelwebzone / EWZRecaptchaBundle

This bundle provides easy reCAPTCHA form field for Symfony.
MIT License

V3 with CSP nonce #299

Open dr4t opened 1 year ago

dr4t commented 1 year ago

I'm implementing Content Security Policy with nonce on my website and I'm trying to get recaptcha working with EWZ V3. I pass the generated nonce to EWZ using the "script_nonce_csp" option, but the recaptcha JS script is not permitted to be loaded because the EWZ library does not provide the nonce to the script tag. More details below:

File: src/Resources/views/Form/v3/ewz_recaptcha_widget.html.twig

Line: 4

Current value:

```twig
<script src="{{ form.vars.ewz_recaptcha_api_uri }}?render={{ form.vars.public_key }}"></script>
```

Proposed value:

```twig
<script src="{{ form.vars.ewz_recaptcha_api_uri }}?render={{ form.vars.public_key }}" {% if form.vars.script_nonce_csp is defined and form.vars.script_nonce_csp is not same as('') %} nonce="{{ form.vars.script_nonce_csp }}"{% endif %}></script>
```

Is this correct, or am I doing something wrong when implementing it? Please let me know. Thank you.
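
A check for the symptom described in this issue, as an added example that is not part of the original issue or of EWZRecaptchaBundle: it lists the rendered `<script>` tags whose `nonce` attribute matches no nonce in the page's CSP `script-src`. The nonce, site key, API URL and function names are constructed for illustration, and the policy is assumed to allow scripts by nonce only.

```javascript
'use strict';

// Return the nonces listed in script-src (falling back to default-src).
// As in CSP parsing, the first occurrence of a directive wins.
function policyNonces(cspHeader) {
  const directives = new Map();
  for (const part of cspHeader.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values);
    }
  }
  const sources = directives.get('script-src') || directives.get('default-src') || [];
  return sources
    .map((s) => /^'nonce-([A-Za-z0-9+/_-]+={0,2})'$/i.exec(s))
    .filter(Boolean)
    .map((m) => m[1]);
}

// List <script> start tags whose nonce attribute matches none of the policy
// nonces. This is a simple regex scan of rendered output, not an HTML parser.
function scriptsWithoutValidNonce(html, cspHeader) {
  const nonces = policyNonces(cspHeader);
  const failing = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const m = /\snonce\s*=\s*(?:"([^"]*)"|'([^']*)')/i.exec(tag);
    const value = m ? (m[1] !== undefined ? m[1] : m[2]) : null;
    if (value === null || !nonces.includes(value)) failing.push(tag);
  }
  return failing;
}

// Constructed sample values: placeholder nonce, site key and API URL.
const NONCE = 'cjRuZG9tTm9uY2U=';
const CSP = `default-src 'self'; script-src 'nonce-${NONCE}'`;
const API = 'https://example.test/recaptcha/api.js?render=SITE_KEY_PLACEHOLDER';
// Rendered form of the "Current value" and "Proposed value" templates above.
const currentWidget = `<script src="${API}"></script>`;
const proposedWidget = `<script src="${API}" nonce="${NONCE}"></script>`;

console.log('current :', scriptsWithoutValidNonce(currentWidget, CSP));
console.log('proposed:', scriptsWithoutValidNonce(proposedWidget, CSP));
```

Run against a page's real response header and body, an empty result means every script tag carries a nonce from the policy.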