diff --git a/Gemfile b/Gemfile
index e68cc2312..8943e018c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -13,7 +13,7 @@ gem 'pg', '~> 1.5'
 gem 'pg_search' # PostgreSQL full text search
 gem 'psych', '< 4.0'
 gem 'rails', '~> 7.0.8'
-gem 'recaptcha', require: 'recaptcha/rails'
+gem 'recaptcha'
 gem 'sanitize'
 gem 'sprockets-rails'
 gem 'view_component'
diff --git a/Gemfile.lock b/Gemfile.lock
index 4ed5dbebe..07911f921 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -50,7 +50,7 @@ GIT
 mime-types (>= 1.23)
 GEM
- remote: http://rubygems.org/
+ remote: https://rubygems.org/
 specs:
 actioncable (7.0.8.5)
 actionpack (= 7.0.8.5)
@@ -608,7 +608,7 @@ GEM
 rb-inotify (0.10.1)
 ffi (~> 1.0)
 rdoc (6.3.4.1)
- recaptcha (5.14.0)
+ recaptcha (5.17.0)
 regexp_parser (2.8.1)
 responders (3.1.1)
 actionpack (>= 5.2)
diff --git a/app/helpers/form_tag_helper.rb b/app/helpers/form_tag_helper.rb
index 71235c154..be9532ee7 100644
--- a/app/helpers/form_tag_helper.rb
+++ b/app/helpers/form_tag_helper.rb
@@ -9,7 +9,7 @@ module FormTagHelper
 res << label_tag(:recaptcha_label, I18n.t('users.registrations.new.captcha_description'))
 end
- res << recaptcha_tags
+ res << recaptcha_tags(nonce: content_security_policy_nonce)
 if flash[:recaptcha_error]
 res << ""
 res << flash[:recaptcha_error]
diff --git a/config/initializers/extends.rb b/config/initializers/extends.rb
index c8ce4798f..8f8854f46 100644
--- a/config/initializers/extends.rb
+++ b/config/initializers/extends.rb
@@ -643,16 +643,9 @@ class Extends
 'FluicsLabelTemplate' => 'Fluics'
 }
- EXTERNAL_SCRIPT_SERVICES =
- if Rails.application.config.x.no_external_csp_exceptions
- []
- else
- %w(
- https://marvinjs.chemicalize.com/
- www.recaptcha.net/
- www.gstatic.com/recaptcha/
- )
- end
+ # If Rails.application.config.x.no_external_csp_exceptions is set, than this should be empty,
+ # but first try to use nonces before adding exceptions here
+ EXTERNAL_SCRIPT_SERVICES = []
 EXTERNAL_CONNECT_SERVICES = if Rails.application.config.x.no_external_csp_exceptions
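Review bot: The lockfile in this commit moves `remote:` to `https://rubygems.org/`, but the Gemfile's `source` line is not in this hunk; if it still reads `http://rubygems.org`, the next `bundle install` will write the lockfile's remote back to plaintext http and every gem fetch is again exposed to on-path tampering. Confirm the Gemfile carries `source 'https://rubygems.org'` so the lock and the manifest agree (bundler also warns on insecure sources). Dropping `require: 'recaptcha/rails'` is presumably fine for the 5.x line pinned in the lock, which loads via its railtie, but that is inferred from the version rather than visible here.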
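Review bot: Passing `content_security_policy_nonce` to `recaptcha_tags` only nonces the `<script src=…api.js>` tag the helper emits, while api.js itself inserts further scripts at runtime from www.gstatic.com/recaptcha/ (the origin the old allowlist covered); with `EXTERNAL_SCRIPT_SERVICES` emptied in the same commit, those dynamically added scripts will be refused by a nonce-only policy unless it also carries `'strict-dynamic'` or keeps the gstatic origin. In addition, `content_security_policy_nonce` returns nil when no `content_security_policy_nonce_generator` is configured, in which case the tag renders without a nonce and the widget fails silently, so I would confirm the generator is set, that the nonce is per-request, and that this form is never served from a page cache. A one-line comment here, e.g. `# nonce-based CSP: needs a nonce generator, plus 'strict-dynamic' (or a gstatic allowlist) for the scripts api.js loads itself`, would save the next reader from re-debugging a blank captcha. The enclosing helper method starts and ends outside this hunk.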