From 8a5d02a1bf6a72f2a788a2d139129770bb272fbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20G=C3=BCnther?= Date: Mon, 19 Aug 2024 14:52:14 +0200 Subject: [PATCH] Use nonced_javascript_include tag --- .../app/views/recaptcha/request/perform.html.erb | 8 ++++---- modules/recaptcha/lib/open_project/recaptcha/engine.rb | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/recaptcha/app/views/recaptcha/request/perform.html.erb b/modules/recaptcha/app/views/recaptcha/request/perform.html.erb index b600f8970f50..600822d2a48c 100644 --- a/modules/recaptcha/app/views/recaptcha/request/perform.html.erb +++ b/modules/recaptcha/app/views/recaptcha/request/perform.html.erb @@ -41,11 +41,11 @@ document.getElementById('submit_captcha').submit(); } <% end %> - <% elsif recaptcha_settings['captcha_type'] == ::OpenProject::Recaptcha::TYPE_TURNSTILE %> + <% elsif recaptcha_settings['recaptcha_type'] == ::OpenProject::Recaptcha::TYPE_TURNSTILE %> <% input_name = "turnstile-response" %> - - + <%= nonced_javascript_include_tag "https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback" %> +
<%= nonced_javascript_tag do %> function submitTurnstileForm(token) { @@ -54,7 +54,7 @@ input.value = token; document.getElementById('submit_captcha').submit(); } - + window.onloadTurnstileCallback = function () { turnstile.render('#turnstile-container', { sitekey: '<%= recaptcha_settings['website_key'] %>', diff --git a/modules/recaptcha/lib/open_project/recaptcha/engine.rb b/modules/recaptcha/lib/open_project/recaptcha/engine.rb index 163b8a417381..023a9ba73b18 100644 --- a/modules/recaptcha/lib/open_project/recaptcha/engine.rb +++ b/modules/recaptcha/lib/open_project/recaptcha/engine.rb @@ -43,7 +43,7 @@ class Engine < ::Rails::Engine SecureHeaders::Configuration.named_append(:turnstile) do value = %w(https://challenges.cloudflare.com) - keys = %i(frame_src script_src style_src connect_src) + keys = %i(frame_src style_src connect_src) keys.index_with value end