n/a
we are seeing these errros is safari which is stopping turnstile from working,Unrecognized Content-Security-Policy directive ‘script-src-attr’.Unrecognized Content-Security-Policy directive ‘worker-src’.
everything works fine in chrome and firefox
What version of Safari are you running? Do you have a Ray ID?
older version 13.1.2, how do i get the RAY ID?
i got it i think: cf-ray: 911d4bef1e0b94d9-LHR
need any of the other headers?
@mdemoura any info here?
@mdemoura are you looking into this?, as its gone radio silent in here
+1
same here
Unsupported CSP directives are ignored by the browser, so there should be no issues with execution. I’m unable to reproduce the issue with Turnstile on that exact Safari version, do you have another ray ID? What behavior do you observe, does Turnstile return an error code instead of success?
I’ve actually started seeing this in Chrome now, before it wasn’t there:
v1?ray=91a9cd7d7cfc77a0&lang=auto:1 Refused to run the JavaScript URL because it violates the following Content Security Policy directive: “script-src ‘nonce-Ud3MmAcgVqkeHvxw’ ‘unsafe-eval’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-…’), or a nonce (‘nonce-…’) is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the ‘unsafe-hashes’ keyword is present.
I’m also seeing issues with Safari, but only in some cases. The error I’m seeing in the dev console is also being discussed in this thread: Turnsite CSP violation, how to fix?
Same error on my side, here’s my rayId and log
v1?ray=91ac6f7c3cccccb1&lang=auto
Refused to run the JavaScript URL because it violates the following Content Security Policy directive: “script-src ‘nonce-VVsEWmlsLqAqRisj’ ‘unsafe-eval’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-…’), or a nonce (‘nonce-…’) is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the ‘unsafe-hashes’ keyword is present.