Hello,
I read that adding a Content-Security-Policy is a good idea so I added this line to the html head of an Evo website.
<meta http-equiv="Content-Security-Policy" content="default-src https:">
For some reason that stops the captcha from displaying in FormLister forms.
The following error message is displayed in Chrome's Developer Tools...
Refused to load the image
'data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcgSlBFRyB2NjIpLCBkZWZhdWx0IHF1YWxpdHkK/9sAQwAIBgYHBgUIBwcHCQkICgwUDQwLCwwZEhMPFB0aHx4dGhwcICQuJyAiLCMcHCg3KSwwMTQ0NB8nOT04MjwuMzQy/9sAQwEJCQkMCwwYDQ0YMiEcITIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIy/8AAEQgAPACWAwEiAAIRAQMRAf/EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC//EALUQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldY...hzjnn+Wa5oJ3ZtPZGnmis0310Jbs/ZW8qFTt+7lzjt838wKYurPF5Edzby+dKMkRoCEBOBnk/pmtTM1aKqRXjTOwWCYKM4chcN245z+dFAFrIparOSL2HBOCrZGeD07VZoAK5HW9C1A3iHSkeODG4pHKIwr5OTjI9a62lpNXLp1HTldHBQ+Cr67lD30qoOhJcu3+fxrqLTRl0y2WHTmji/vtKhcsfXhhWrRQkkXUrzqaPYqR2S+Z50wV5yu1nXKgj/AHcmmNpNi6gSWscmDn5xuP5mr1FMyTa2KsdhbxSiSOIKwGBgnA7cDpVqiigQ11DqVYAqRgg96r/Y4PJWERKI15Cjj/PWrJoouwsV/scOc7MdehPfrSfYYNqr5fC9PmP+e1WaKLsVkRyRLLGUcZU9RmopdPtpggeEYQYUAkAfgKsU6kMqf2fbnzfkP737/wA55/Wl+wW/7vCEeX907znrnrnn8atUUwKyWcMUjSJGA7deSf8A9VFWaKAP/9k='
because it violates the following Content Security Policy directive: "default-src https:".
Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
Has anyone come across this before with the captcha?
Content-Security-Policy is new to me. Any ideas on how tweak the meta Content-Security-Policy so that captcha still displays / works in the forms and a reasonable Content-Security-Policy is maintained?
Thanks in advance for any help.