GoogleReCaptchaProvider ignores nonce

[giuseppe-zappala]

Hello,

I have a Next.js project in which I use the GoogleReCaptchaProvider to wrap my Component in _app.tsx.

despite explicitly passing a nonce value to scriptProps this value get ignored and a script with id google-recaptcha-v3 gets appended to the head/body with no nonce attribute.

Every other prop passed to the scriptProps object is correctly injected into the script (appendTo, async, defer, id), only the nonce seems to be completely ignored.

 <GoogleReCaptchaProvider
              scriptProps={{
                nonce: "test",
                appendTo: "body",
                async: true,
                defer: true,
              }}
              reCaptchaKey={process.env.NEXT_PUBLIC_RECAPTCHA_PUBLIC_KEY || ""}
              language="it"
              useRecaptchaNet={true}
            >

This is the script that gets appended, and that is not loaded because it violates CSP rules since it has no nonce value

<script id="google-recaptcha-v3" src="https://www.recaptcha.net/recaptcha/api.js?render=6LecZKYlAAAAAHIhL74zx-2SRTMe8FT5ugttGeoG&amp;hl=it" defer="" async=""></script>

Thank you in advance for attention

[wojtekmaj]

Hey @giuseppe-zappala!
I maintain a rewrite of this project that addresses several issues including this one. Check it out: https://github.com/wojtekmaj/react-recaptcha-v3