Sandbox/iframe issues with Turnstile #666
Description
Environment
- Node Version: v22.18.0
- Nuxt Version: 4.1.3
- CLI Version: 3.28.0
- Nitro Version: 2.12.7
- Package Manager: pnpm@9.6.0
- Builder: -
- User Config: security, vite, typescript, alias, turnstile..
- Runtime Modules: nuxt-security@2.5.0, @nuxtjs/turnstile@1.1.0..Nuxt Security Version
2.5.0
Default setup used?
No, the bug happens only when I set custom values for the security option
Security options
Not providing for security reasons, happy to msg privatelyReproduction
N/A
Description
My form was working with Turnstile before installing Nuxt Security.
I'm now getting console errors when I load the page:
-
Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
-
Uncaught TurnstileError: [Cloudflare Turnstile] Error: 110200.
ChatGPT suggests this is occurring because Nuxt Security is adding sandbox="allow-same-origin allow-scripts allow-popups", and that it also needs "allow-forms" in here.
I also tried injecting custom attributes via Nuxt config:
contentSecurityPolicy: {
sandbox: ['allow-scripts', 'allow-same-origin', 'allow-forms']
}
.. but this didn't work.
Additional context
No response
Logs
Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Uncaught TurnstileError: [Cloudflare Turnstile] Error: 110200.
at v (api.js:1:10348)
at M (api.js:1:37818)