Inline Script and CSP

[steven-wm]

Firstly thanks for this amazing contribution.

My website uses a CSP (Content Security Policy) which prevents inline scripts like below from executing. As a workaround, I've copied it to my JavaScript file and everything now works great. However there's still a console error about it, so what's the best way to stop your project from adding the below to the template?

<script>
    function onRegisterFormSubmit() {
        document.getElementById('register-form').submit();
    }
</script>

[RVxLab]

Hey Steven, if you set a data-callback attribute on the submit component it won’t render the script. See this line in HCaptcha.php.

Setting that attribute will prevent the default callback view from being rendered.

Failing that, you could opt to publish the views and empty that specific view.

If neither of those work for you, I’d be happy to talk about a solution.

[steven-wm]

Perfect! I've changed my submit component to the following and that's fixed the CSP error. Thanks so much.

{!! HCaptcha::displaySubmit('register-form', __('auth/register.register'), [ 'class' => 'btn btn-primary', 'data-callback' => 'onRegisterFormSubmit' ]) !!}

[RVxLab]

No worries at all! Very happy to hear that fixed it for you :)