Content Security Policy Magento 2


Can somebody help me please with Content Security Policy warning messages in google console?
I read the article and installed the module, however, the console still shows the issue with Recaptcha.

I also added this line to whitelist file but it didn’t help.
<value id="google-recaptcha" type="host"></value>

I found it here.

Can somebody give me a tip on how to fix it?
Thank you.

Hi Pawel,
What Magento 2 version are you running on?
From what i’m aware after the 2.4.2 version the Core Content Security Policy (CSP) violations have been fixed :

Hi Andy,

I use M2.4.2. This CSP drives me crazy. I can’t get rid of these warnings.
Read quite a few articles, installed Craig’s module but the warnings still persist.

Any tip will be helpful.

Thank you in advance.

Run bin/magento module:status to check how many csp modules you have.
I had one from theme installed and one from craig. You have to keep only one

Are you seeing this when logging on as a customer on the frontend? If so, it isn’t a CSP issue, it is a Chrome Issue…see below which is a paste of my notes when I came across this issue. Note: In Magento 2.4 event fixing this issue the Recaptcha still didn’t work so I had to disable it. The github link may have a proper fix now, I haven’t revisited it for a over year.

Now getting Google Recaptcha not loading when you enter an email address. Getting unsafe-inline error, this is known…

Create /app/code/CUSTOMMODULENAME/Backend/etc/config.xml
With the following code:

<?xml version="1.0"?>
<config xmlns:xsi=""

• php bin/magento cache:clean

But still doesn’t load the Recaptcha when you enter your email address, so I’ve had to disable ReCAPTCHA V3 Invisible for Customer Login:

• Stores > Configuration > Security > Google reCAPTCHA Storefront > Enable for Customer Login changes form V3 to No

Hope that helps.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.