Refused to run the JavaScript URL because it violates the following Content Security Policy directive: “script-src ‘nonce-5V6C2RzmNiiJNudr’ ‘unsafe-eval’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-…’), or a nonce (‘nonce-…’) is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the ‘unsafe-hashes’ keyword is present.
What is the issue you’re encountering
Having own CSP Policy with Nonce which will be added to script tag for turnstile api.js. But still error occurs
What steps have you taken to resolve the issue?
Having following CSP:
Including Cloudflare Turnstile via:
Getting: v1?ray=915650d21c737264&lang=auto:1 Refused to run the JavaScript URL because it violates the following Content Security Policy directive: “script-src ‘nonce-5V6C2RzmNiiJNudr’ ‘unsafe-eval’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-…’), or a nonce (‘nonce-…’) is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the ‘unsafe-hashes’ keyword is present.
Since yesterday, I am facing this error on many sites including this page (CSP Error integrating turnstile into my page). This page stays in verify human loop. This issue is on chromium. On Edge chromium, it works fine.
I am facing the same issue, especially even though CSP has been totally removed from my headers, apparently the challenge sent to Cloudflare seemed to have cached the previous setup, and it just kept reloading the old setup, and now it seems I am unable to login at all, hope someone from the Cloudflare team can assist, as it is a critical issue for me at the moment.