diff --git a/deploy/csp-configuration.mdx b/deploy/csp-configuration.mdx index df032a96e..ef894ce3c 100644 --- a/deploy/csp-configuration.mdx +++ b/deploy/csp-configuration.mdx @@ -44,6 +44,8 @@ The following CSP directives control which resources a page can load: | `chat-assets.frontapp.com` | Front chat widget | `script-src` | Optional | | `browser.sentry-cdn.com` | Sentry error tracking | `script-src`, `connect-src` | Optional | | `js.sentry-cdn.com` | Sentry JavaScript SDK | `script-src` | Optional | +| `hcaptcha.com` | hCaptcha CAPTCHA verification | `script-src`, `frame-src`, `style-src`, `connect-src` | Optional | +| `*.hcaptcha.com` | hCaptcha CAPTCHA verification | `script-src`, `frame-src`, `style-src`, `connect-src` | Optional | ## Example CSP configuration 
@@ -56,13 +58,13 @@ Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com tag.clearbitscripts.com cdn.heapanalytics.com chat.cdn-plain.com chat-assets.frontapp.com -browser.sentry-cdn.com js.sentry-cdn.com; -style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; +browser.sentry-cdn.com js.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com -www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com; -frame-src 'self' *.mintlify.dev; +www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; ``` ## Common configurations by proxy type diff --git a/es/deploy/csp-configuration.mdx b/es/deploy/csp-configuration.mdx index 88de30683..371b4b6c1 100644 --- a/es/deploy/csp-configuration.mdx +++ b/es/deploy/csp-configuration.mdx 
@@ -48,6 +48,8 @@ Las siguientes directivas de CSP controlan qué recursos puede cargar una págin | `chat-assets.frontapp.com` | Widget de chat de Front | `script-src` | Opcional | | `browser.sentry-cdn.com` | Seguimiento de errores con Sentry | `script-src`, `connect-src` | Opcional | | `js.sentry-cdn.com` | SDK de JavaScript de Sentry | `script-src` | Opcional | +| `hcaptcha.com` | Verificación CAPTCHA de hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Opcional | +| `*.hcaptcha.com` | Verificación CAPTCHA de hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Opcional |
## Ejemplo de configuración de CSP @@ -62,13 +64,13 @@ Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com tag.clearbitscripts.com cdn.heapanalytics.com chat.cdn-plain.com chat-assets.frontapp.com -browser.sentry-cdn.com js.sentry-cdn.com; -style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; +browser.sentry-cdn.com js.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com -www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com; -frame-src 'self' *.mintlify.dev; +www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; ``` diff --git a/fr/deploy/csp-configuration.mdx b/fr/deploy/csp-configuration.mdx index e348490b2..536482005 100644 --- a/fr/deploy/csp-configuration.mdx +++ b/fr/deploy/csp-configuration.mdx 
@@ -48,6 +48,8 @@ Les directives CSP suivantes contrôlent quelles ressources une page peut charge | `chat-assets.frontapp.com` | Widget de chat Front | `script-src` | Facultatif | | `browser.sentry-cdn.com` | Suivi des erreurs Sentry | `script-src`, `connect-src` | Facultatif | | `js.sentry-cdn.com` | SDK JavaScript Sentry | `script-src` | Facultatif | +| `hcaptcha.com` | Vérification CAPTCHA hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Facultatif | +| `*.hcaptcha.com` | Vérification CAPTCHA hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Facultatif |
## Exemple de configuration CSP @@ -62,13 +64,13 @@ Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com tag.clearbitscripts.com cdn.heapanalytics.com chat.cdn-plain.com chat-assets.frontapp.com -browser.sentry-cdn.com js.sentry-cdn.com; -style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; +browser.sentry-cdn.com js.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com -www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com; -frame-src 'self' *.mintlify.dev; +www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; ``` diff --git a/zh/deploy/csp-configuration.mdx b/zh/deploy/csp-configuration.mdx index 175d7ddb4..3fb41253a 100644 --- a/zh/deploy/csp-configuration.mdx +++ b/zh/deploy/csp-configuration.mdx @@ -48,6 +48,8 @@ keywords: ["内容安全策略", "CSP", "指令", "安全标头", "防火墙", " | `chat-assets.frontapp.com` | Front 聊天小部件 | `script-src` | 可选 | | `browser.sentry-cdn.com` | Sentry 错误监控 | `script-src`, `connect-src` | 可选 | | `js.sentry-cdn.com` | Sentry JavaScript SDK | `script-src` | 可选 | +| `hcaptcha.com` | hCaptcha 验证码验证 | `script-src`, `frame-src`, `style-src`, `connect-src` | 可选 | +| `*.hcaptcha.com` | hCaptcha 验证码验证 | `script-src`, `frame-src`, `style-src`, `connect-src` | 可选 |
## 示例 CSP 配置 @@ -62,13 +64,13 @@ Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com tag.clearbitscripts.com cdn.heapanalytics.com chat.cdn-plain.com chat-assets.frontapp.com -browser.sentry-cdn.com js.sentry-cdn.com; -style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; +browser.sentry-cdn.com js.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com -www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com; -frame-src 'self' *.mintlify.dev; +www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; ```
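Review bot: In the domain table hunks (the two rows added after `js.sentry-cdn.com`, repeated in the en, es, fr and zh files), `hcaptcha.com` and `*.hcaptcha.com` carry identical descriptions, so nothing tells the reader why both entries are required. A CSP host wildcard matches subdomains only and not the bare domain, which is why the apex has to be listed separately; say so in the description, or merge the two into one row that lists both sources. Because the rows are marked Optional, it would also help to name the feature that triggers hCaptcha, so operators know when these hosts can be left out.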
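Review bot: In the example policy hunks, the hCaptcha sources are appended to `script-src`, `style-src`, `connect-src` and `frame-src` with nothing marking them as optional, while the table rows added in the same change say Optional. Anyone who copies the example verbatim allows script and frame loads from every hCaptcha subdomain even when no CAPTCHA is ever shown. If the page does not already carry one, add a sentence next to the example saying that Optional hosts should be removed when the matching feature is not in use, so that deployed policies stay as narrow as the site needs.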