stoically / radical

Element (Riot Web) unofficially bundled as Firefox Add-on
https://addons.mozilla.org/firefox/addon/radical-web
MIT License

Registrations with ReCAPTCHA #16

Closed stoically closed 4 years ago

stoically commented 4 years ago

Currently registrations are disabled if the homeserver requires ReCAPTCHA. A possible way to fix this: https://matrix.org/docs/spec/client_server/r0.6.0#fallback. That allows loading e.g. https://matrix.org/_matrix/client/r0/auth/m.login.recaptcha/fallback/web?session=xxx to solve the captcha. It would be useful if it supported `window.parent` as well so it could run in an iframe.

outdated notes

[Manifest v3](https://blog.mozilla.org/addons/2019/09/03/mozillas-manifest-v3-faq/) will introduce new [CSP policies](https://blog.mozilla.org/addons/2019/12/12/test-the-new-csp-for-content-scripts/) and fully [disallow remote scripts](https://bugzilla.mozilla.org/show_bug.cgi?id=1594234). The default config of Riot Web points to the matrix.org homeserver, which requires ReCAPTCHA for registrations, which in turn still needs two script-src's: https://github.com/stoically/riot-webext/blob/a558bc4b8ec202a15cdae556e84c19a4a19d0efc/src/manifest.firefox.json#L6

---

So, sooner or later this would need to be tackled. ReCAPTCHA seems to randomly be broken on Firefox, and just responds with `ERROR for site owner: Invalid domain for site key`.

Possible workaround: Similar to the SSO hook, it might be possible to request host permissions for the homeserver (or maybe better, a subdomain like `recaptcha.example.org`), and then fake an https iframe to make ReCAPTCHA happy - and at the same time remove the remote script-src requirement.

Relevant links

- https://github.com/electron/electron/issues/8345#issuecomment-273326106
- https://github.com/mozilla/libdweb/blob/master/Readme.md#protocol-api

---

Possible workaround, using ReCAPTCHA's `fallback=true`, which prevents the "invalid domain for site key" error, and `
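
The fallback flow from the linked r0.6.0 spec section, as an added example that is not part of the original issue or of the radical code base. The function names and `matrix.example.org` are hypothetical; the spec's fallback page reports completion with `window.opener.postMessage("authDone", "*")`, so the receiving client has to verify the sender itself.

```javascript
// Added example; all names here are hypothetical, not Element/Riot or radical APIs.

// Build the fallback URL for one auth stage, e.g. "m.login.recaptcha".
function buildFallbackUrl(homeserver, authType, session) {
  const base = new URL(homeserver);
  if (base.protocol !== "https:") {
    throw new Error("homeserver must be https"); // assumption: no plain-http homeservers
  }
  // Dotted identifiers only, so the stage type cannot alter the path ("..", "/", "?").
  if (!/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$/.test(authType)) {
    throw new Error("unexpected auth type");
  }
  const url = new URL(`/_matrix/client/r0/auth/${authType}/fallback/web`, base.origin);
  url.searchParams.set("session", session); // percent-encodes the session ID
  return url.toString();
}

// True only for the completion signal from the window we opened, on the homeserver's origin.
// The page posts with target "*", so origin and source must both be checked here.
function isAuthDone(event, homeserver, expectedSource) {
  return (
    event.origin === new URL(homeserver).origin &&
    event.source === expectedSource &&
    event.data === "authDone"
  );
}

// Browser-only wiring: open the fallback page and resolve once it reports completion.
function solveStage(homeserver, authType, session) {
  return new Promise((resolve, reject) => {
    const popup = window.open(buildFallbackUrl(homeserver, authType, session));
    if (!popup) return reject(new Error("popup blocked"));
    const onMessage = (event) => {
      if (!isAuthDone(event, homeserver, popup)) return; // ignore any other sender
      window.removeEventListener("message", onMessage);
      popup.close();
      resolve(session); // caller retries the request with auth: { session }
    };
    window.addEventListener("message", onMessage);
  });
}
```

An iframe variant would compare `event.source` against `iframe.contentWindow` instead of the popup, but it only works if the fallback page also posts to `window.parent`, which is what the issue asks for.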