Google Recaptcha blocked

According to the ReCaptcha FAQ:

script-src https://www.google.com/recaptcha/, https://www.gstatic.com/recaptcha/
frame-src https://www.google.com/recaptcha/, https://recaptcha.google.com/recaptcha/

please explain exactly how its supposed to be typed in here please:
https://prnt.sc/1DWVoRrMZPn7

If you need to allow *.google.com, you can try:

script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com *.youtu.be *.googleapis.com *.google.com https://www.gstatic.com/recaptcha/; frame-src *.google.com;

If you don’t need to allow *.google.com, try:

script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com *.youtu.be *.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;

Your code to allow ReCaptcha frame still doesnt allow the frame to appear as seen here:
https://prnt.sc/CGbWjN3wKdPc

Whats next ?

Open your browser’s console and paste here the error message that explains what it is blocking the frame.

Hows that done ?

To open the console:
-Edge, Chrome and Chromium browsers: CTRL + Shift + i
-FireFox: CTRL + Shift + e

Here’s an example of a frame blocked by the policy:

Noticed : https://prnt.sc/6_lW154_J6FN also blocking Google maps.

I reckon there needs to a code list to copy/paste into these settings from somewhere as this is NOT easy to configure

I can see 3 errors in your screenshot:

You need to remove the two * preceeding https.
script-src *https://www.google.com/recaptcha/.....
And:
frame-src *https://www.google.com/recaptcha/.....

There are also 2 occurrences of script-src. Remove the second one.

Ok, can you please correct this code as this is just taking too long to happen:

script-src frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com *.youtu.be *.googleapis.com *.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/

I need Recaptcha & Maps to function correctly

Thank you kindly

This is the corrected code:

script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com *.youtu.be *.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;

Test if it works and check the browser’s console. If there was an error in the console, paste it here.

Thank you very muchly, most appreciated

now again theres a problem.

think you need to fix this issue about it being blocked, especially on mobile !

whats the point having recaptcha when this is blocking it

This does not work on mobile devices,

This screen shot from Mobile: https://prnt.sc/Q2z-k3c8gf_V

This screen shot from desktop: https://prnt.sc/-YNresCrdxGe

That’s the evidence I see

If you enable “Content-Security-Policy”, you need to configure them according to your site. There’s no generic rules because each site is unique. If you’re facing too many issues with them, disable them. That’s the reason why we don’t activate them by default.

Here’s some good documentation about CSP:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://developers.google.com/web/fundamentals/security/csp/