The site my script is for has started using recaptcha for some features, so I need to hook into it too for my script to keep working. However, the site uses recaptcha enterprise. "https://www\.google\.com/recaptcha/api.js" is in the CDN list, but recaptcha enterprise has a different URL:
where site-key is a token embedded on the site. It's a loader stub that it looks very similar to api.js, so loading this with a \@require SRI won't work since the script will change as it gets updated.
JasonBarnabe
commented
1 year ago
The site my script is for has started using recaptcha for some features, so I need to hook into it too for my script to keep working. However, the site uses recaptcha enterprise. "https://www\.google\.com/recaptcha/api.js" is in the CDN list, but recaptcha enterprise has a different URL:
https://www.recaptcha.net/recaptcha/enterprise.js?render=SITE-KEY (ref: https://cloud.google.com/recaptcha-enterprise/docs/instrument-web-pages#user-action)
where site-key is a token embedded on the site. It's a loader stub that it looks very similar to api.js, so loading this with a \@require SRI won't work since the script will change as it gets updated.