#hao-3ds-csp
I checked my own app. We don't have CSP configured. I think this actually might be the CSP in the Stripe elements iframe itself
I can also reproduce just by loading the following URL in the browser https://js.stripe.com/v3/three-ds-2-fingerprint-7ec1c6e67da71a7bd5e31b4f6d41a0e9.html
hello, I'm not the most informed on CSP but the first thing I wanna ask - I assume you're displaying the 3DS authentication iframe in your own iframe (in your integration)?
or letting Stripe.js / Elements handle it
We use Stripe.js / Elements
ok, in live mode when you tested, what does it block for you? like what do you see on the webpage?
an empty modal? no modal? a modal but something on it missing?
no modal
I see 3DS is not triggered and the card is set up directly
and I see the error message in the JS console
the card is set up directly
what do you mean? like the SetupIntent (or PaymentIntent) is in status: succeeded?
Let me check
This is the log
I believe we call setup_intent on the server side, and have Stripe JS handle the rest of the flow
The Stripe program is atob-fleet
Just catching up as my colleague needs to step away
This request created a SetupIntent successfully. The current status of the SetupIntent is requires_payment_method, so payment details are missing.
I see this is in live mode though. Have you tested 3DS in test mode with test card numbers?
Yes, in test mode everything works correctly
I see. Do you have a SetupIntent ID where 3DS was not correctly displayed? It's possible that this particular SetupIntent did not require additional authentication.
The SetupIntent that was created by req_aZYuE69sKTKNrR won't be much help at the moment, as card details haven't been collected
Let me check around it
I am also testing to display the iframe 3DS myself, however, the response is different from the documentation
I will open a new thread on this to discuss
For this thread, I will find you a more relevant log on the 3DS in Stripe JS
So I found a few things:
- This is the setup_intent my app created on the server side: https://dashboard.stripe.com/logs/req_idqrjDWOWDqUYh
- This is the setup intent follow up call from Stripe JS https://dashboard.stripe.com/logs/req_9U3Sk9T2voBcjU
I also see in the browser that goes to https://geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/SaveBrowserData
Does that mean that the 3DS v2 is run and no additional log is needed for the debit card?
Taking a look at the details
I see a reference on my end to 3DS for that SetupIntent
3DS appears to have succeeded in this case
oh
3DS runs successfully without any user input? I was under the impression that it will pop up some dialog from the issuing bank?
Potentially, yes. That's what's called "frictionless" flow: https://support.stripe.com/questions/frictionless-flow-for-charges-created-using-3d-secure-2-(3ds2)
Not off the top of my head, no. I believe most support 3DSv2 now
Cool thanks
I will ask another question now
Right now we use Stripe elements to handle the 3DS flow. What if we want to implement 3DS flow ourselves?
Context: we are using a tokenization service to collect cards info and add the debit cards to multiple Stripe programs we own, so that we might not be able to use Stripe elements.
When I try it https://dashboard.stripe.com/logs/req_BiFPEM8Z3NOt9G
The response is very different from the documentation on 3DS
How to handle the next action if it is use_stripe_sdk?
I see there's a value for three_ds_method_url under next_action
Digging into whether this is what should be followed
Ah, next_action.use_stripe_sdk is used when confirming a SetupIntent on the frontend: https://stripe.com/docs/api/setup_intents/object#setup_intent_object-next_action-use_stripe_sdk
Does that mean I have to use Stripe.js to load this?
Is there any documentation on that?
👋 stepping in as roadrunner needed to step away
Can you summarize the question here?
Sounds like you are talking about handling 3DS?
Yes
My question is that when I request 3DS when calling 3DS
I am not sure how to handle next_action
Because it is very different from the documentation
The Stripe documentation https://stripe.com/docs/payments/3d-secure#manual-redirect
When I try it https://dashboard.stripe.com/logs/req_BiFPEM8Z3NOt9G
Gotcha
Yeah there are two ways
Either you specify the return_url when you create the SetupIntent (https://stripe.com/docs/api/setup_intents/create#create_setup_intent-return_url) which allows you to control the modal presentation yourself. Or you use Stripe.JS to confirm client-side and the modal will be displayed for completion by the customer that way.
With your example above, you didn't pass a return_url so you would call stripe.confirmCardSetup client side