README update about hcaptcha or google captcha content-security policy

CHANGELOG.md

@@ -9,3 +9,5 @@
   - Merge webring and local board list and improve webring search and filter functionality
   - New stat section of homepage
   - Replaced fatchan styled/branded spoiler image
+  - Fixed undefined hcaptcha site key bug
+  - Updated README with info about nginx CSP for 3rd party captcha providers

README.md

@@ -107,6 +107,8 @@ geoip_country /usr/share/GeoIP/GeoIP.dat;
 ```
 If your nginx doesn't have the necessary module by default, or is using v2 instead, find your own guide.
 
+If you plan on using hcaptcha or google recaptcha, you will need to modify the content-security-policy header (CSP) in your nginx config. (documentation: [google recaptcha](https://developers.google.com/recaptcha/docs/faq#im-using-content-security-policy-csp-on-my-website.-how-can-i-configure-it-to-work-with-recaptcha), [hcaptcha](https://docs.hcaptcha.com/#content-security-policy-settings))
+
 If you use cloudflare, please read [these](https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs-Logging-visitor-IP-addresses-with-mod-cloudflare-) [articles](https://support.cloudflare.com/hc/en-us/articles/200168236-Configuring-Cloudflare-IP-Geolocation) to setup proper IP forwarding and geolocation headers. Similar steps would apply to other CDNs/reverse proxies.
 
 Also included is an "nginx_advanced" config, and a snippets folder for advanced users who want to better organise and more easily customise the nginx configuration. It functions the same as the normal nginx.example, but you need to create the snippets folder in /etc/nginx/snippets, copy the example snippets, and edit them with your domain and installation path.