HCaptcha doesn't use script integrity checking for status page
The following discussion from !150 (merged) should be addressed:
-
@zacharysabourin started a discussion: (+2 comments) This was a security risk. As per the recommendations on this page, I downloaded the file to a temp folder and generated a hash using this command:
cat api.js?hl=en | openssl dgst -sha384 -binary | openssl base64 -A