Browser CSP errors

  • Resolved rbstern

    (@rbstern)


    2 years, 11 months ago

    Within the last week, we started receiving complaints from customers about the Stripe payment method not working. Specifically, the button did not submit the payment info to Stripe. We’ve been able to recreate it, but not consistently. As best I can tell, from the Chrome browser console errors, it’s a content security policy issue related to Stripe cookies. We don’t set any CSP headers, so I’m not sure why this would suddenly appear. I have admin control of the server; no changes there, so it’s not a hosting problem.

    When I explicitly tell Chrome to allow cookies from *.stripe.com, the error resolves. When I removed that exception, the problem remains resolved, but I am getting a brand new errror: Error with Permissions-Policy header: Unrecognized feature: ‘ch-ua-form-factor’.

    Any insight appreciated.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Clayton R

    (@mrclayton)

    2 years, 11 months ago

    Hi @rbstern

    I don’t believe your issue would be related to a CSP but that being said, I’d like to forward this on to the Stripe engineering team as we have seen an uptick in similar requests.

    Can you share your account ID so I can provide that info to Stripe along with the url of the affected site?

    Do you have any special instructions on how to re-create this behavior on your site?

    Are you using the Stripe payment form for credit cards?

    Those CSP notices are being generated by the js.stripe.com script so we are limited on what we can do within the plugin to change that behavior.

    Kind Regards

    Thread Starter rbstern

    (@rbstern)

    2 years, 11 months ago

    Thanks for the response. Do you have an email or other mechanism so I can share details? Cannot post them in a public forum.

    Plugin Author Clayton R

    (@mrclayton)

    2 years, 11 months ago

    Hi @rbstern

    You can use our contact us to create a support ticket to share the requested info which was your website url and Stripe account ID.

    Disclaimer for any mods reading this thread. We are NOT requesting access to this merchant’s site, simply the website url and Stripe account ID which the user @rbstern does not wish to share publicly via this forum.

    Kind Regards

    Thread Starter rbstern

    (@rbstern)

    2 years, 11 months ago

    Thank you. Support ticket created with additional details.

    Plugin Author Clayton R

    (@mrclayton)

    2 years, 11 months ago

    Settings to resolved. The issue was related to the Stripe inline form and Link being active at the same time.

    When using Link, the Stripe payment form should be active.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Browser CSP errors’ is closed to new replies.