What is the name of the domain?
What is the issue you’re encountering
Content Security Policy script-src doesn’t match rewritten URL for api.js
What steps have you taken to resolve the issue?
Trying to determine if Cisco Umbrella is rewriting the api.js url
What are the steps to reproduce the issue?
User was not able to pass the Turnstile check because the URL for the api.js was rewritten to:
https://challenges.cloudflare.com.x..id.opendns.com/s/challenges.cloudflare.com/turnstile/v0/api.js?X-OpenDNS-Session=__render=explicit
This doesn’t match the Content Security Policy script-src https://challenges.cloudflare.com we are (currently) using.
Any idea why opendns.com is rewriting this url?