Description
I'm implementing Content Security Policy with nonce on my website and I'm trying to get recaptcha working with EWZ V3. I pass the generated nonce to EWZ using the "script_nonce_csp" option, but the recaptcha JS script is not permitted to be loaded because the EWZ library does not provide the nonce to the script tag. More details below:
File: src/Resources/views/Form/v3/ewz_recaptcha_widget.html.twig
Line: 4
Current value: <script src="{{ form.vars.ewz_recaptcha_api_uri }}?render={{ form.vars.public_key }}"></script>
Proposed value: <script src="{{ form.vars.ewz_recaptcha_api_uri }}?render={{ form.vars.public_key }}" {% if form.vars.script_nonce_csp is defined and form.vars.script_nonce_csp is not same as('') %} nonce="{{ form.vars.script_nonce_csp }}"{% endif %}></script>
Is this correct, or am I doing something wrong when implementing it? Please let me know. Thank you.