23 April 2021 — Fix Missing Google "I am not a robot"

Last night, it appears Google changed the way their reCAPTCHA code is delivered. The result is that the whole thing fails to appear, and your users' web browser Javascript console will be full of errors about 'Content-Security-Policy' breaches.

RedHat / RPM based systems

On your ZendTo server:

  1. Edit the file /etc/httpd/conf.d/zendto-ssl.conf
  2. Find the very long line that starts
    Header set Content-Security-Policy
  3. On the end of that line, but before the double-quote '"' add
    https://www.recaptcha.net
  4. That whole line should now say
    Header set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net; connect-src 'self' 'unsafe-inline'; img-src data: *; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net"
  5. Save the file and exit your text editor
  6. Run the command
    sudo systemctl reload httpd

You should now find the "I am not a robot" check appears correctly.

Debian / Ubuntu / APT based systems

On your ZendTo server:

  1. Edit the file /etc/apache2/sites-enabled/001-zendto-ssl.conf
  2. Find the very long line that starts
    Header set Content-Security-Policy
  3. On the end of that line, but before the double-quote '"' add
    https://www.recaptcha.net
  4. That whole line should now say
    Header set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net; connect-src 'self' 'unsafe-inline'; img-src data: *; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net"
  5. Save the file and exit your text editor
  6. Run the command
    sudo systemctl reload apache2

You should now find the "I am not a robot" check appears correctly.