pdupavillon / express-recaptcha

Implementation of google recaptcha v2 & V3 solutions for express.js
MIT License

Embedding http script #28

Closed HassanCorrigan closed 5 years ago

HassanCorrigan commented 5 years ago

https://github.com/pdupavillon/express-recaptcha/blob/f18f544d800c4197b84bfd32df6a4d5ae67a0eb9/src/v2.ts#L65

My content security policy was flagging a request over http instead of https. Seems to be the above line causing the issue. I manually replaced it with the below (prepending 'https:') and seems to be ok now.

```
return '<script src="https://'+this._api.host+this._api.script+query_string+'" async defer></script>'+
```

franck34 commented 5 years ago

As you probably know, the pattern // means that the src provided will use https if your website is using https, or http if your website is using http.

So it's not possible to have an http request if your website is using https.

HassanCorrigan commented 5 years ago

I wasn't aware (still fairly new to all this), so thanks for the info. I don't know why it's being served over http on my site. I'll do more investigating.
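The resolution rule discussed in this thread, as an added example that is not part of the issue or of the express-recaptcha code: it resolves each `<script src>` against the URL the page was loaded from, the way a browser does, and lists the sources that end up fetched over plain http. The sample HTML, the `site.example.test` and `cdn.example.test` hosts and the function names are constructed for illustration.

```javascript
// Constructed sample markup: one protocol-relative tag (the form the issue is about),
// one absolute https tag (the form of the manual fix), one absolute http tag, one relative path.
const SAMPLE_HTML = [
  '<script src="//www.google.com/recaptcha/api.js?render=explicit" async defer></script>',
  '<script src="https://www.google.com/recaptcha/api.js" async defer></script>',
  '<script src="http://cdn.example.test/legacy.js"></script>',
  '<script src="/static/app.js"></script>',
].join('\n');

// Classify a raw src attribute by how its scheme gets chosen.
function classifySrc(src) {
  if (/^\/\//.test(src)) return 'protocol-relative'; // scheme inherited from the page
  if (/^[a-z][a-z0-9+.-]*:/i.test(src)) return 'absolute'; // scheme fixed in the markup
  return 'relative'; // scheme and host inherited from the page
}

// Resolve every <script src> in html against pageUrl and flag http results.
function auditScriptSources(html, pageUrl) {
  const results = [];
  const re = /<script\b[^>]*?\bsrc\s*=\s*(["'])(.*?)\1/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const raw = m[2];
    const resolved = new URL(raw, pageUrl); // WHATWG URL resolution, same as the browser
    results.push({
      raw,
      kind: classifySrc(raw),
      resolved: resolved.href,
      insecure: resolved.protocol === 'http:',
    });
  }
  return results;
}

// Only the raw src values that would be loaded over http from this page URL.
function insecureSources(html, pageUrl) {
  return auditScriptSources(html, pageUrl)
    .filter((r) => r.insecure)
    .map((r) => r.raw);
}

// The same markup audited for an https page and an http page.
for (const page of ['https://site.example.test/login', 'http://site.example.test/login']) {
  console.log(page, insecureSources(SAMPLE_HTML, page));
}
```

On the https page only the hard-coded `http://` source is reported; on the http page the protocol-relative and relative sources are reported as well, while the tag with an explicit `https://` stays on https in both cases.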