Cloudflare Turnstile

  • Resolved saznajmo

    (@saznajmo)


    2 months, 2 weeks ago

    Hi,

    Please check/inform.

    I enabled Cloudflare Turnstile on the contact form, but now on that page in Inspect I see an error:

    Content Security Policy of your site blocks the use of ‘eval’ in JavaScript`The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site.
    To solve this issue, avoid using <code class=” “>eval(), <code class=” “>new Function(), <code class=” “>setTimeout([string], …) and <code class=” “>setInterval([string], …) for evaluating strings.If you absolutely must: you can enable string evaluation by adding <code class=” “>unsafe-eval as an allowed source in a <code class=” “>script-src directive.
    ⚠️ Allowing string evaluation comes at the risk of inline script injection.1 directive
    Source locationDirectiveStatusnormal?lang=auto:1script-srcblocked

    In addition, I see a few more warnings about Turnstle.
    [Cloudflare Turnstile] Unknown parameter passed to api.js: “?ver=…”, ignoring.

    The resource https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1 was preloaded using link preload but not used within a few seconds from the window’s load event. Please make sure it has an appropriate as value and it is preloaded intentionally.

    Please help.

    Viewing 1 replies (of 1 total)
    • Plugin Contributor Remkus de Vries

      (@defries)

      2 months, 2 weeks ago

      This support forum is dedicated to the Cloudflare plugin that facilitates APO, Cloudflare Turnstile is not supported by this plugin.

      I’m not sure what solution you’re using to connect Turnstile to your WordPress site, but potentially you’re using this one?

    Viewing 1 replies (of 1 total)

    You must be logged in to reply to this topic.