From 2f89a28f736d3a9a1d2cb348c47dec97c052df43 Mon Sep 17 00:00:00 2001
From: Mike Fiedler <miketheman@gmail.com>
Date: Fri, 31 Mar 2023 12:32:10 +0000
Subject: [PATCH] fix: add gstatic.cn domain for recaptcha

Thanks to some extra debugging detaisl, we can see that the script
is being loaded via a different Google Static domain in China.

Refs: #3174, #13232, #13350

Signed-off-by: Mike Fiedler <miketheman@gmail.com>
---
 tests/unit/test_recaptcha.py | 1 +
 warehouse/recaptcha.py       | 1 +
 2 files changed, 2 insertions(+)

diff --git a/tests/unit/test_recaptcha.py b/tests/unit/test_recaptcha.py
index 56f8652c5de5..5aee376ee3e2 100644
--- a/tests/unit/test_recaptcha.py
+++ b/tests/unit/test_recaptcha.py
@@ -243,6 +243,7 @@ def test_csp_policy(self):
             "script-src": [
                 "{request.scheme}://www.recaptcha.net/recaptcha/",
                 "{request.scheme}://www.gstatic.com/recaptcha/",
+                "{request.scheme}://www.gstatic.cn/recaptcha/",
             ],
             "frame-src": ["{request.scheme}://www.recaptcha.net/recaptcha/"],
             "style-src": ["'unsafe-inline'"],
diff --git a/warehouse/recaptcha.py b/warehouse/recaptcha.py
index 70d5a2329726..3dd8df5b8f1e 100644
--- a/warehouse/recaptcha.py
+++ b/warehouse/recaptcha.py
@@ -68,6 +68,7 @@ def csp_policy(self):
             "script-src": [
                 "{request.scheme}://www.recaptcha.net/recaptcha/",
                 "{request.scheme}://www.gstatic.com/recaptcha/",
+                "{request.scheme}://www.gstatic.cn/recaptcha/",
             ],
             "frame-src": [
                 "{request.scheme}://www.recaptcha.net/recaptcha/",