We included Google reCaptcha v3 in a custom login page that protects SharePoint. The solution works in all browsers except the embedded browser of Office applications. We receive the following error from Word if we try to login via the embedded browser after opening a document from SharePoint:
Your organization's policies are preventing us from completing this action for you. For more info, please contact your help desk.
reCaptcha uses an iframe to work. This iframe looks like this:
<iframe src="https://www.google.com/recaptcha/api2/anchor?ar=1&k=xxxxx;size=invisible&cb=xxxx" width="256" height="60" role="presentation" name="a-o41nkahmlajt" frameborder="0" scrolling="no" sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox allow-storage-access-by-user-activation"></iframe>
I confirmed that iframes with a relative src URL work (e.g. "/otherpage/on/same/host.html").
From this source I know that Office does not allow the navigation to any non-https end point.
I confirmed this by changing production html like I described here.
We can't change settings on the end-user clients because they are guest users.
Does anyone know how to allow specific external addresses for iframes in Office application's embedded browser? Is there maybe an alternative on how to embedd reCaptcha?