When embedding Dynamics 365 event registration forms that use hCaptcha on Power Pages, you need to configure the Content Security Policy (CSP) correctly to ensure the form loads and functions as expected.
Required CSP Directives
Add the following CSP directives to allow the form and hCaptcha to load without violations:
connect-src
'self' https://content.powerapps.com https://*.microsoft.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://public-apj.mkt.dynamics.comdefault-src
'self' https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://public-apj.mkt.dynamics.com https://*.hcaptcha.comfont-src
'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.sharepointonline.com http://*.cdn.office.net https://*.microsoft.com https://content.powerapps.comform-action
'self'frame-ancestors
'self' https://*.hcaptcha.comframe-src
'self' https://*.hcaptcha.comimg-src
'self' data: https://content.powerapps.com https://*.microsoft.com https://*.azureedge.net https://public-apj.mkt.dynamics.comobject-src
https://cxppusa1formui01cdnsa01-endpoint.azureedge.netscript-src
'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://content.powerapps.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://public-apj.mkt.dynamics.com https://www.gstatic.com https://www.google.com https://*.hcaptcha.comstyle-src
'self' 'unsafe-inline' https://fonts.googleapis.com https://*.microsoft.com https://content.powerapps.comTip
Always verify these settings in your Power Pages site configuration and test the form to ensure hCaptcha renders properly without CSP violations.
