From d5f45c06394b92860ec7776b03ab44f0e8cfb155 Mon Sep 17 00:00:00 2001 From: Inverle Date: Wed, 11 Mar 2026 16:11:55 +0100 Subject: [PATCH 1/2] Fixed wrong path in CSP causing reCAPTCHA to not work properly --- xExtension-Captcha/README.md | 4 ++++ xExtension-Captcha/extension.php | 2 +- xExtension-Captcha/metadata.json | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/xExtension-Captcha/README.md b/xExtension-Captcha/README.md index b57c6699..978c248a 100644 --- a/xExtension-Captcha/README.md +++ b/xExtension-Captcha/README.md @@ -36,6 +36,10 @@ If you are having trouble with logging in after configuring the extension, you c ## Changelog +* 1.0.4 [2026-03-11] + * Fixed wrong path in CSP causing reCAPTCHA to not work properly, regression from v1.0.1 (https://github.com/FreshRSS/Extensions/discussions/434) +* 1.0.3 [2025-12-17] + * Minor code changes (https://github.com/FreshRSS/Extensions/pull/406) * 1.0.2 [2025-12-06] * Remove warning about unsafe autologin, since it's been removed in FreshRSS 1.28.0 * 1.0.1 [2025-09-20] diff --git a/xExtension-Captcha/extension.php b/xExtension-Captcha/extension.php index 32635c57..5f0129e8 100644 --- a/xExtension-Captcha/extension.php +++ b/xExtension-Captcha/extension.php @@ -189,7 +189,7 @@ public static function loadDependencies(): array { $csp_hosts = 'https://' . ($csp_hosts['host'] ?? ''); if ($csp_hosts === 'https://www.google.com') { // Original js_url injects script from www.gstatic.com therefore this is needed - $csp_hosts .= "/recaptcha/api.js https://www.gstatic.com/recaptcha/"; + $csp_hosts .= "/recaptcha/ https://www.gstatic.com/recaptcha/"; } elseif ($csp_hosts === 'https://js.hcaptcha.com') { $csp_hosts = 'https://hcaptcha.com https://*.hcaptcha.com'; } diff --git a/xExtension-Captcha/metadata.json b/xExtension-Captcha/metadata.json index ac103000..cd17a3df 100644 --- a/xExtension-Captcha/metadata.json +++ b/xExtension-Captcha/metadata.json @@ -2,7 +2,7 @@ "name": "Form Captcha", "author": "Inverle", "description": "Protect register/login forms with captcha", - "version": "1.0.3", + "version": "1.0.4", "entrypoint": "Captcha", "type": "system" } From aa3aeff3b019aeff20ab6cc74f5c817a8e2d6b92 Mon Sep 17 00:00:00 2001 From: Inverle Date: Wed, 11 Mar 2026 16:19:17 +0100 Subject: [PATCH 2/2] Make markdownlint happy --- xExtension-Captcha/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xExtension-Captcha/README.md b/xExtension-Captcha/README.md index 978c248a..0f1dac79 100644 --- a/xExtension-Captcha/README.md +++ b/xExtension-Captcha/README.md @@ -37,9 +37,9 @@ If you are having trouble with logging in after configuring the extension, you c ## Changelog * 1.0.4 [2026-03-11] - * Fixed wrong path in CSP causing reCAPTCHA to not work properly, regression from v1.0.1 (https://github.com/FreshRSS/Extensions/discussions/434) + * Fixed wrong path in CSP causing reCAPTCHA to not work properly, regression from v1.0.1 [#434](https://github.com/FreshRSS/Extensions/discussions/434) * 1.0.3 [2025-12-17] - * Minor code changes (https://github.com/FreshRSS/Extensions/pull/406) + * Minor code changes [#406](https://github.com/FreshRSS/Extensions/pull/406) * 1.0.2 [2025-12-06] * Remove warning about unsafe autologin, since it's been removed in FreshRSS 1.28.0 * 1.0.1 [2025-09-20]