From eae47e740d9defa25c311a9646629c84e54557ce Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 9 Apr 2026 02:26:45 +0000 Subject: [PATCH 1/4] Add hCaptcha CSP requirements to domain allowlist Generated-By: mintlify-agent --- deploy/csp-configuration.mdx | 10 ++++++---- es/deploy/csp-configuration.mdx | 10 ++++++---- fr/deploy/csp-configuration.mdx | 10 ++++++---- zh/deploy/csp-configuration.mdx | 10 ++++++---- 4 files changed, 24 insertions(+), 16 deletions(-) diff --git a/deploy/csp-configuration.mdx b/deploy/csp-configuration.mdx index df032a96e..ef894ce3c 100644 --- a/deploy/csp-configuration.mdx +++ b/deploy/csp-configuration.mdx @@ -44,6 +44,8 @@ The following CSP directives control which resources a page can load: | `chat-assets.frontapp.com` | Front chat widget | `script-src` | Optional | | `browser.sentry-cdn.com` | Sentry error tracking | `script-src`, `connect-src` | Optional | | `js.sentry-cdn.com` | Sentry JavaScript SDK | `script-src` | Optional | +| `hcaptcha.com` | hCaptcha CAPTCHA verification | `script-src`, `frame-src`, `style-src`, `connect-src` | Optional | +| `*.hcaptcha.com` | hCaptcha CAPTCHA verification | `script-src`, `frame-src`, `style-src`, `connect-src` | Optional | ## Example CSP configuration 
@@ -56,13 +58,13 @@ Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com tag.clearbitscripts.com cdn.heapanalytics.com chat.cdn-plain.com chat-assets.frontapp.com -browser.sentry-cdn.com js.sentry-cdn.com; -style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; +browser.sentry-cdn.com js.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com -www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com; -frame-src 'self' *.mintlify.dev; +www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; ``` ## Common configurations by proxy type diff --git a/es/deploy/csp-configuration.mdx b/es/deploy/csp-configuration.mdx index 88de30683..371b4b6c1 100644 --- a/es/deploy/csp-configuration.mdx +++ b/es/deploy/csp-configuration.mdx 
@@ -48,6 +48,8 @@ Las siguientes directivas de CSP controlan qué recursos puede cargar una págin | `chat-assets.frontapp.com` | Widget de chat de Front | `script-src` | Opcional | | `browser.sentry-cdn.com` | Seguimiento de errores con Sentry | `script-src`, `connect-src` | Opcional | | `js.sentry-cdn.com` | SDK de JavaScript de Sentry | `script-src` | Opcional | +| `hcaptcha.com` | Verificación CAPTCHA de hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Opcional | +| `*.hcaptcha.com` | Verificación CAPTCHA de hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Opcional |
## Ejemplo de configuración de CSP @@ -62,13 +64,13 @@ Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com tag.clearbitscripts.com cdn.heapanalytics.com chat.cdn-plain.com chat-assets.frontapp.com -browser.sentry-cdn.com js.sentry-cdn.com; -style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; +browser.sentry-cdn.com js.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com -www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com; -frame-src 'self' *.mintlify.dev; +www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; ``` diff --git a/fr/deploy/csp-configuration.mdx b/fr/deploy/csp-configuration.mdx index e348490b2..536482005 100644 --- a/fr/deploy/csp-configuration.mdx +++ b/fr/deploy/csp-configuration.mdx 
@@ -48,6 +48,8 @@ Les directives CSP suivantes contrôlent quelles ressources une page peut charge | `chat-assets.frontapp.com` | Widget de chat Front | `script-src` | Facultatif | | `browser.sentry-cdn.com` | Suivi des erreurs Sentry | `script-src`, `connect-src` | Facultatif | | `js.sentry-cdn.com` | SDK JavaScript Sentry | `script-src` | Facultatif | +| `hcaptcha.com` | Vérification CAPTCHA hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Facultatif | +| `*.hcaptcha.com` | Vérification CAPTCHA hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Facultatif |
## Exemple de configuration CSP @@ -62,13 +64,13 @@ Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com tag.clearbitscripts.com cdn.heapanalytics.com chat.cdn-plain.com chat-assets.frontapp.com -browser.sentry-cdn.com js.sentry-cdn.com; -style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; +browser.sentry-cdn.com js.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com -www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com; -frame-src 'self' *.mintlify.dev; +www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; ``` diff --git a/zh/deploy/csp-configuration.mdx b/zh/deploy/csp-configuration.mdx index 175d7ddb4..3fb41253a 100644 --- a/zh/deploy/csp-configuration.mdx +++ b/zh/deploy/csp-configuration.mdx @@ -48,6 +48,8 @@ keywords: ["内容安全策略", "CSP", "指令", "安全标头", "防火墙", " | `chat-assets.frontapp.com` | Front 聊天小部件 | `script-src` | 可选 | | `browser.sentry-cdn.com` | Sentry 错误监控 | `script-src`, `connect-src` | 可选 | | `js.sentry-cdn.com` | Sentry JavaScript SDK | `script-src` | 可选 | +| `hcaptcha.com` | hCaptcha 验证码验证 | `script-src`, `frame-src`, `style-src`, `connect-src` | 可选 | +| `*.hcaptcha.com` | hCaptcha 验证码验证 | `script-src`, `frame-src`, `style-src`, `connect-src` | 可选 |
## 示例 CSP 配置 @@ -62,13 +64,13 @@ Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com tag.clearbitscripts.com cdn.heapanalytics.com chat.cdn-plain.com chat-assets.frontapp.com -browser.sentry-cdn.com js.sentry-cdn.com; -style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; +browser.sentry-cdn.com js.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com -www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com; -frame-src 'self' *.mintlify.dev; +www.googletagmanager.com cdn.segment.com plausible.io us.posthog.com browser.sentry-cdn.com hcaptcha.com *.hcaptcha.com; +frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; ``` From 00ba45027d907f97c6f58b4fb531a1d3cff2fca9 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 9 Apr 2026 17:25:51 +0000 Subject: [PATCH 2/4] Mark hCaptcha CSP domains as required Generated-By: mintlify-agent --- deploy/csp-configuration.mdx | 4 ++-- es/deploy/csp-configuration.mdx | 4 ++-- fr/deploy/csp-configuration.mdx | 4 ++-- zh/deploy/csp-configuration.mdx | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/deploy/csp-configuration.mdx b/deploy/csp-configuration.mdx index ef894ce3c..f7d2c1ccf 100644 --- a/deploy/csp-configuration.mdx +++ b/deploy/csp-configuration.mdx 
@@ -44,8 +44,8 @@ The following CSP directives control which resources a page can load: | `chat-assets.frontapp.com` | Front chat widget | `script-src` | Optional | | `browser.sentry-cdn.com` | Sentry error tracking | `script-src`, `connect-src` | Optional | | `js.sentry-cdn.com` | Sentry JavaScript SDK | `script-src` | Optional | -| `hcaptcha.com` | hCaptcha CAPTCHA verification | `script-src`, `frame-src`, `style-src`, `connect-src` | Optional | -| `*.hcaptcha.com` | hCaptcha CAPTCHA verification | `script-src`, `frame-src`, `style-src`, `connect-src` | Optional | +| `hcaptcha.com` | hCaptcha CAPTCHA verification | `script-src`, `frame-src`, `style-src`, `connect-src` | Required | +| `*.hcaptcha.com` | hCaptcha CAPTCHA verification | `script-src`, `frame-src`, `style-src`, `connect-src` | Required | ## Example CSP configuration diff --git a/es/deploy/csp-configuration.mdx b/es/deploy/csp-configuration.mdx index 371b4b6c1..297285b81 100644 --- a/es/deploy/csp-configuration.mdx +++ b/es/deploy/csp-configuration.mdx @@ -48,8 +48,8 @@ Las siguientes directivas de CSP controlan qué recursos puede cargar una págin | `chat-assets.frontapp.com` | Widget de chat de Front | `script-src` | Opcional | | `browser.sentry-cdn.com` | Seguimiento de errores con Sentry | `script-src`, `connect-src` | Opcional | | `js.sentry-cdn.com` | SDK de JavaScript de Sentry | `script-src` | Opcional | -| `hcaptcha.com` | Verificación CAPTCHA de hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Opcional | -| `*.hcaptcha.com` | Verificación CAPTCHA de hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Opcional | +| `hcaptcha.com` | Verificación CAPTCHA de hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Obligatorio | +| `*.hcaptcha.com` | Verificación CAPTCHA de hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Obligatorio |
## Ejemplo de configuración de CSP diff --git a/fr/deploy/csp-configuration.mdx b/fr/deploy/csp-configuration.mdx index 536482005..1e327e58d 100644 --- a/fr/deploy/csp-configuration.mdx +++ b/fr/deploy/csp-configuration.mdx @@ -48,8 +48,8 @@ Les directives CSP suivantes contrôlent quelles ressources une page peut charge | `chat-assets.frontapp.com` | Widget de chat Front | `script-src` | Facultatif | | `browser.sentry-cdn.com` | Suivi des erreurs Sentry | `script-src`, `connect-src` | Facultatif | | `js.sentry-cdn.com` | SDK JavaScript Sentry | `script-src` | Facultatif | -| `hcaptcha.com` | Vérification CAPTCHA hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Facultatif | -| `*.hcaptcha.com` | Vérification CAPTCHA hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Facultatif | +| `hcaptcha.com` | Vérification CAPTCHA hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Obligatoire | +| `*.hcaptcha.com` | Vérification CAPTCHA hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Obligatoire |
## Exemple de configuration CSP diff --git a/zh/deploy/csp-configuration.mdx b/zh/deploy/csp-configuration.mdx index 3fb41253a..df1ced282 100644 --- a/zh/deploy/csp-configuration.mdx +++ b/zh/deploy/csp-configuration.mdx @@ -48,8 +48,8 @@ keywords: ["内容安全策略", "CSP", "指令", "安全标头", "防火墙", " | `chat-assets.frontapp.com` | Front 聊天小部件 | `script-src` | 可选 | | `browser.sentry-cdn.com` | Sentry 错误监控 | `script-src`, `connect-src` | 可选 | | `js.sentry-cdn.com` | Sentry JavaScript SDK | `script-src` | 可选 | -| `hcaptcha.com` | hCaptcha 验证码验证 | `script-src`, `frame-src`, `style-src`, `connect-src` | 可选 | -| `*.hcaptcha.com` | hCaptcha 验证码验证 | `script-src`, `frame-src`, `style-src`, `connect-src` | 可选 | +| `hcaptcha.com` | hCaptcha 验证码验证 | `script-src`, `frame-src`, `style-src`, `connect-src` | 必需 | +| `*.hcaptcha.com` | hCaptcha 验证码验证 | `script-src`, `frame-src`, `style-src`, `connect-src` | 必需 |
## 示例 CSP 配置 From a563798661267010b71d969119226fe034a9910d Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 9 Apr 2026 17:31:43 +0000 Subject: [PATCH 3/4] Reorder hCaptcha CSP rows with required entries and add unsafe-eval/unsafe-inline Generated-By: mintlify-agent --- deploy/csp-configuration.mdx | 4 ++-- es/deploy/csp-configuration.mdx | 4 ++-- fr/deploy/csp-configuration.mdx | 4 ++-- zh/deploy/csp-configuration.mdx | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/deploy/csp-configuration.mdx b/deploy/csp-configuration.mdx index f7d2c1ccf..076f30eb8 100644 --- a/deploy/csp-configuration.mdx +++ b/deploy/csp-configuration.mdx @@ -33,6 +33,8 @@ The following CSP directives control which resources a page can load: | `*.mintcdn.com` | Images, favicons | `img-src`, `connect-src` | Required | | `cdn.jsdelivr.net` | Emoji assets for OG images | `script-src`, `img-src` | Required | | `mintlify.s3.us-west-1.amazonaws.com` | S3-hosted images | `img-src` | Required | +| `hcaptcha.com` | hCaptcha CAPTCHA verification | `script-src`, `frame-src`, `style-src`, `connect-src`, `unsafe-eval`, `unsafe-inline` | Required | +| `*.hcaptcha.com` | hCaptcha CAPTCHA verification | `script-src`, `frame-src`, `style-src`, `connect-src`, `unsafe-eval`, `unsafe-inline` | Required | | `fonts.googleapis.com` | Google Fonts | `style-src`, `font-src` | Optional | | `www.googletagmanager.com` | Google Analytics/Google Tag Manager (GTM) | `script-src`, `connect-src` | Optional | | `cdn.segment.com` | Segment analytics | `script-src`, `connect-src` | Optional | 
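Review bot: The relocated `hcaptcha.com` and `*.hcaptcha.com` rows list `unsafe-eval` and `unsafe-inline` in the directives column, but these are source keywords, not directives, and they cannot be scoped to a host. Once `'unsafe-inline'` or `'unsafe-eval'` is in `script-src` it applies to every script on the page, so the row reads as if allowing hCaptcha needs a narrower grant than the one actually made. Keep the column as `script-src`, `frame-src`, `style-src`, `connect-src`, and state the keyword requirement separately, naming the directive each keyword belongs in and quoting it as it appears in the header (`'unsafe-eval'`). Whether hCaptcha itself needs these keywords is not shown on this page, so confirm that before marking them Required. The same rows are added in the es, fr and zh hunks of this commit.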
@@ -44,8 +46,6 @@ The following CSP directives control which resources a page can load: | `chat-assets.frontapp.com` | Front chat widget | `script-src` | Optional | | `browser.sentry-cdn.com` | Sentry error tracking | `script-src`, `connect-src` | Optional | | `js.sentry-cdn.com` | Sentry JavaScript SDK | `script-src` | Optional | -| `hcaptcha.com` | hCaptcha CAPTCHA verification | `script-src`, `frame-src`, `style-src`, `connect-src` | Required | -| `*.hcaptcha.com` | hCaptcha CAPTCHA verification | `script-src`, `frame-src`, `style-src`, `connect-src` | Required | ## Example CSP configuration diff --git a/es/deploy/csp-configuration.mdx b/es/deploy/csp-configuration.mdx index 297285b81..d3e1f2a0c 100644 --- a/es/deploy/csp-configuration.mdx +++ b/es/deploy/csp-configuration.mdx @@ -37,6 +37,8 @@ Las siguientes directivas de CSP controlan qué recursos puede cargar una págin | `*.mintcdn.com` | Imágenes, favicons | `img-src`, `connect-src` | Obligatorio | | `cdn.jsdelivr.net` | Recursos de emojis para imágenes OG | `script-src`, `img-src` | Obligatorio | | `mintlify.s3.us-west-1.amazonaws.com` | Imágenes alojadas en S3 | `img-src` | Obligatorio | +| `hcaptcha.com` | Verificación CAPTCHA de hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src`, `unsafe-eval`, `unsafe-inline` | Obligatorio | +| `*.hcaptcha.com` | Verificación CAPTCHA de hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src`, `unsafe-eval`, `unsafe-inline` | Obligatorio | | `fonts.googleapis.com` | Google Fonts | `style-src`, `font-src` | Opcional | | `www.googletagmanager.com` | Google Analytics/Google Tag Manager (GTM) | `script-src`, `connect-src` | Opcional | | `cdn.segment.com` | Segment Analytics | `script-src`, `connect-src` | Opcional | 
@@ -48,8 +50,6 @@ Las siguientes directivas de CSP controlan qué recursos puede cargar una págin | `chat-assets.frontapp.com` | Widget de chat de Front | `script-src` | Opcional | | `browser.sentry-cdn.com` | Seguimiento de errores con Sentry | `script-src`, `connect-src` | Opcional | | `js.sentry-cdn.com` | SDK de JavaScript de Sentry | `script-src` | Opcional | -| `hcaptcha.com` | Verificación CAPTCHA de hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Obligatorio | -| `*.hcaptcha.com` | Verificación CAPTCHA de hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Obligatorio |
## Ejemplo de configuración de CSP diff --git a/fr/deploy/csp-configuration.mdx b/fr/deploy/csp-configuration.mdx index 1e327e58d..439d21550 100644 --- a/fr/deploy/csp-configuration.mdx +++ b/fr/deploy/csp-configuration.mdx @@ -37,6 +37,8 @@ Les directives CSP suivantes contrôlent quelles ressources une page peut charge | `*.mintcdn.com` | Images, favicons | `img-src`, `connect-src` | Obligatoire | | `cdn.jsdelivr.net` | Ressources emoji pour images OG | `script-src`, `img-src` | Obligatoire | | `mintlify.s3.us-west-1.amazonaws.com` | Images hébergées sur S3 | `img-src` | Obligatoire | +| `hcaptcha.com` | Vérification CAPTCHA hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src`, `unsafe-eval`, `unsafe-inline` | Obligatoire | +| `*.hcaptcha.com` | Vérification CAPTCHA hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src`, `unsafe-eval`, `unsafe-inline` | Obligatoire | | `fonts.googleapis.com` | Google Fonts | `style-src`, `font-src` | Facultatif | | `www.googletagmanager.com` | Google Analytics/Google Tag Manager (GTM) | `script-src`, `connect-src` | Facultatif | | `cdn.segment.com` | Segment Analytics | `script-src`, `connect-src` | Facultatif | @@ -48,8 +50,6 @@ Les directives CSP suivantes contrôlent quelles ressources une page peut charge | `chat-assets.frontapp.com` | Widget de chat Front | `script-src` | Facultatif | | `browser.sentry-cdn.com` | Suivi des erreurs Sentry | `script-src`, `connect-src` | Facultatif | | `js.sentry-cdn.com` | SDK JavaScript Sentry | `script-src` | Facultatif | -| `hcaptcha.com` | Vérification CAPTCHA hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Obligatoire | -| `*.hcaptcha.com` | Vérification CAPTCHA hCaptcha | `script-src`, `frame-src`, `style-src`, `connect-src` | Obligatoire |
## Exemple de configuration CSP diff --git a/zh/deploy/csp-configuration.mdx b/zh/deploy/csp-configuration.mdx index df1ced282..2034681f2 100644 --- a/zh/deploy/csp-configuration.mdx +++ b/zh/deploy/csp-configuration.mdx @@ -37,6 +37,8 @@ keywords: ["内容安全策略", "CSP", "指令", "安全标头", "防火墙", " | `*.mintcdn.com` | 图像、网站图标 | `img-src`, `connect-src` | 必需 | | `cdn.jsdelivr.net` | OG 图片的表情资源 | `script-src`, `img-src` | 必需 | | `mintlify.s3.us-west-1.amazonaws.com` | 托管在 S3 上的图像 | `img-src` | 必需 | +| `hcaptcha.com` | hCaptcha 验证码验证 | `script-src`, `frame-src`, `style-src`, `connect-src`, `unsafe-eval`, `unsafe-inline` | 必需 | +| `*.hcaptcha.com` | hCaptcha 验证码验证 | `script-src`, `frame-src`, `style-src`, `connect-src`, `unsafe-eval`, `unsafe-inline` | 必需 | | `fonts.googleapis.com` | Google 字体 | `style-src`, `font-src` | 可选 | | `www.googletagmanager.com` | Google Analytics/Google Tag Manager (GTM) | `script-src`, `connect-src` | 可选 | | `cdn.segment.com` | Segment 分析 | `script-src`, `connect-src` | 可选 | @@ -48,8 +50,6 @@ keywords: ["内容安全策略", "CSP", "指令", "安全标头", "防火墙", " | `chat-assets.frontapp.com` | Front 聊天小部件 | `script-src` | 可选 | | `browser.sentry-cdn.com` | Sentry 错误监控 | `script-src`, `connect-src` | 可选 | | `js.sentry-cdn.com` | Sentry JavaScript SDK | `script-src` | 可选 | -| `hcaptcha.com` | hCaptcha 验证码验证 | `script-src`, `frame-src`, `style-src`, `connect-src` | 必需 | -| `*.hcaptcha.com` | hCaptcha 验证码验证 | `script-src`, `frame-src`, `style-src`, `connect-src` | 必需 |
## 示例 CSP 配置 From bdd563825b1d179205aae200d08267e319da4d79 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 9 Apr 2026 20:12:31 +0000 Subject: [PATCH 4/4] Add hCaptcha domains to all proxy-specific CSP examples Generated-By: mintlify-agent --- deploy/csp-configuration.mdx | 6 +++--- es/deploy/csp-configuration.mdx | 6 +++--- fr/deploy/csp-configuration.mdx | 6 +++--- zh/deploy/csp-configuration.mdx | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/deploy/csp-configuration.mdx b/deploy/csp-configuration.mdx index 076f30eb8..ec3d1031c 100644 --- a/deploy/csp-configuration.mdx +++ b/deploy/csp-configuration.mdx 
@@ -82,7 +82,7 @@ Create a Response Header Transform Rule: - **Header name**: `Content-Security-Policy` - **Header value**: ```text wrap - default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com; frame-src 'self' *.mintlify.dev; + default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com hcaptcha.com *.hcaptcha.com; frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; ``` 4. Deploy your rule. 
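Review bot: The complete policy is hand-edited as one long string here, again in the CloudFront and `vercel.json` hunks that follow, and in the same places in the es and fr files (plus the one zh hunk visible here). PATCH 1/4 of this series changed only the main example, so these copies lacked the hCaptcha hosts until this commit, even though PATCH 2/4 had already marked them Required. A reader who copied a proxy example in between got an enforcing header that blocks the CAPTCHA. Consider keeping the required policy in one shared snippet, if the docs platform supports one, or adding a sentence under the proxy heading such as `Each example below must contain every domain marked Required in the table above.` so the copies are checked against the table whenever it changes.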
@@ -97,7 +97,7 @@ Add a response headers policy in CloudFront: "Config": { "SecurityHeadersConfig": { "ContentSecurityPolicy": { - "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com; frame-src 'self' *.mintlify.dev;", + "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com hcaptcha.com *.hcaptcha.com; frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com;", "Override": true } } 
@@ -118,7 +118,7 @@ Add to your `vercel.json`: "headers": [ { "key": "Content-Security-Policy", - "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com; frame-src 'self' *.mintlify.dev;" + "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com hcaptcha.com *.hcaptcha.com; frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com;" } ] } diff --git a/es/deploy/csp-configuration.mdx b/es/deploy/csp-configuration.mdx index d3e1f2a0c..f6b2373d2 100644 --- a/es/deploy/csp-configuration.mdx +++ b/es/deploy/csp-configuration.mdx 
@@ -94,7 +94,7 @@ Crea una regla de transformación de encabezados de respuesta: - **Header name**: `Content-Security-Policy` - **Header value**: ```text wrap - default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com; frame-src 'self' *.mintlify.dev; + default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com hcaptcha.com *.hcaptcha.com; frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; ``` 4. Publica la regla. 
@@ -112,7 +112,7 @@ Agrega una política de encabezados de respuesta en CloudFront: "Config": { "SecurityHeadersConfig": { "ContentSecurityPolicy": { - "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com; frame-src 'self' *.mintlify.dev;", + "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com hcaptcha.com *.hcaptcha.com; frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com;", "Override": true } } 
@@ -136,7 +136,7 @@ Agrega en tu `vercel.json`: "headers": [ { "key": "Content-Security-Policy", - "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com; frame-src 'self' *.mintlify.dev;" + "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com hcaptcha.com *.hcaptcha.com; frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com;" } ] } diff --git a/fr/deploy/csp-configuration.mdx b/fr/deploy/csp-configuration.mdx index 439d21550..3ffa4d03f 100644 --- a/fr/deploy/csp-configuration.mdx +++ b/fr/deploy/csp-configuration.mdx 
@@ -94,7 +94,7 @@ Créez une règle de transformation des en-têtes de réponse : - **Header name**: `Content-Security-Policy` - **Header value**: ```text wrap - default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com; frame-src 'self' *.mintlify.dev; + default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com hcaptcha.com *.hcaptcha.com; frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; ``` 4. Déployez la règle. 
@@ -112,7 +112,7 @@ Ajoutez une stratégie d’en-têtes de réponse dans CloudFront : "Config": { "SecurityHeadersConfig": { "ContentSecurityPolicy": { - "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com; frame-src 'self' *.mintlify.dev;", + "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com hcaptcha.com *.hcaptcha.com; frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com;", "Override": true } } 
@@ -136,7 +136,7 @@ Ajoutez ceci à votre `vercel.json` :
 "headers": [
 {
 "key": "Content-Security-Policy",
- "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com; frame-src 'self' *.mintlify.dev;"
+ "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com hcaptcha.com *.hcaptcha.com; frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com;"
 }
 ]
 }
diff --git a/zh/deploy/csp-configuration.mdx b/zh/deploy/csp-configuration.mdx
index 2034681f2..0971b3e6e 100644
--- a/zh/deploy/csp-configuration.mdx
+++ b/zh/deploy/csp-configuration.mdx
@@ -94,7 +94,7 @@ frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; - **Header name**:`Content-Security-Policy` - **Header value**: ```text wrap - default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com; frame-src 'self' *.mintlify.dev; + default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com hcaptcha.com *.hcaptcha.com; frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com; ``` 4. 部署该规则。 
@@ -112,7 +112,7 @@ frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com;
 "Config": {
 "SecurityHeadersConfig": {
 "ContentSecurityPolicy": {
- "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com; frame-src 'self' *.mintlify.dev;",
+ "ContentSecurityPolicy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com hcaptcha.com *.hcaptcha.com; frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com;",
 "Override": true
 }
 }
@@ -136,7 +136,7 @@ frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com;
 "headers": [
 {
 "key": "Content-Security-Policy",
- "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com; frame-src 'self' *.mintlify.dev;"
+ "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com hcaptcha.com *.hcaptcha.com; font-src 'self' d4tuoctqmanu0.cloudfront.net fonts.googleapis.com; img-src 'self' data: blob: d3gk2c5xim1je2.cloudfront.net mintcdn.com *.mintcdn.com cdn.jsdelivr.net mintlify.s3.us-west-1.amazonaws.com; connect-src 'self' *.mintlify.dev *.mintlify.com d1ctpt7j8wusba.cloudfront.net mintcdn.com *.mintcdn.com hcaptcha.com *.hcaptcha.com; frame-src 'self' *.mintlify.dev hcaptcha.com *.hcaptcha.com;"
 }
 ]
 }