react-google-invisible-recaptcha icon indicating copy to clipboard operation
react-google-invisible-recaptcha copied to clipboard

Published 20 hours ago verified publisher icon szchenghuang

Add Trusted Types support for script injection

Open russellsteadman opened this issue 4 years ago • 0 comments

Trusted Types

Trusted Types is a new web API to support script security, and it can be used as part of a Content-Security-Policy.

Problem

The recaptcha script injection would be blocked if require-trusted-types-for 'script' is added to the CSP, and there is no current workaround.

Fixes

  • An optional trustedTypePolicy prop was added, so when Trusted Types is supported by the browser and the prop is provided, the policy is applied.
  • Dependencies were updated
  • Version was bumped to v0.3.0 for release

russellsteadman avatar Jun 12 '20 20:06 russellsteadman