I need to use ReCaptcha in our popup to prevent bot sign ups and mitigate brute force attempts.
However the Mozilla security policy of no remote scripts is making this difficult. I was told we can’t add the Google URLs to our CSP and do it that way.
I’ve tried adding the contents of https://www.gstatic.com/recaptcha/releases/A1Aard-wURuGsXRGA7JMOqVO/recaptcha__en_gb.js into the project and add it to web_accessible_resources and having another file which is a modified version of
Where we use
const recaptchaUrl = browser.runtime.getURL('vendor/recaptcha-main.js') for the script injection part of the ReCaptcha code.
However ReCaptcha doesn’t like this and the ready callback is never called.
How can we include ReCaptcha in our extension whilst not using remote scripts?
Any help would be greatly appreciated