Saurabh Jha | Stripe Developers | Page 1

rough cairnBOT Dec 22, 2022, 5:03 AM

#

ionic jay Dec 22, 2022, 5:05 AM

#

#

can you give me some info on this error?

lyric dawn Dec 22, 2022, 5:06 AM

#

That looks like an error on Saleforce

#

Is there any Doc you are following?

ionic jay Dec 22, 2022, 5:07 AM

#

no,

#

When the user is not logged into Salesforce and tries to use the community page, this error occurs

#

but when the user is logged in then everything runs smoothly

lyric dawn Dec 22, 2022, 5:08 AM

#

What Stripe integration are you using? The "stripe payment frame" you mentioned

ionic jay Dec 22, 2022, 5:09 AM

#

Stripe Payment Element

lyric dawn Dec 22, 2022, 5:09 AM

#

The Payment Element is inside the frame currently being refused, correct?

ionic jay Dec 22, 2022, 5:10 AM

#

yes

lyric dawn Dec 22, 2022, 5:10 AM

#

The nfpoob-dev-ed.my.saleforce.com frame

ionic jay Dec 22, 2022, 5:10 AM

#

I am using iframe to frame the payment element

ionic jay Dec 22, 2022, 5:11 AM

#

lyric dawn The nfpoob-dev-ed.my.saleforce.com frame

yes

lyric dawn Dec 22, 2022, 5:12 AM

#

Hmm I believe the whole frame nfpoob-dev-ed.my.saleforce.com is being rejected by CORS and it doesn't matter if you implement Payment Element inside it or not

ionic jay Dec 22, 2022, 5:12 AM

#

why is it getting rejected though?

lyric dawn Dec 22, 2022, 5:15 AM

#

I don't know. It the CORS setting that maybe Saleforce is enforcing, and unfortunately we don't have detail about it

#

If you just comment out the PaymentElement, you should see the same issue, right?

ionic jay Dec 22, 2022, 5:16 AM

#

no

#

it only throws error while framing the PaymentElement

lyric dawn Dec 22, 2022, 5:17 AM

#

Ahh okie

#

https://stackoverflow.com/questions/38535491/trying-to-render-iframe-ancestor-violates-the-following-content-security-policy

Stack Overflow

Trying to render iframe: ancestor violates the following Content Se...

I would like to render an iframe with the source being Github like so:

#

Okie I think I know why. Can you elaborate on this part?

I am using iframe to frame the payment element

ionic jay Dec 22, 2022, 5:19 AM

#

I have created a Visualforce Page which contains ' <script src="https://js.stripe.com/v3/"> </script>

#

and all the stripe payment related changes

#

and in my LWC I am referring to the visualforce page using Iframe

lyric dawn Dec 22, 2022, 5:27 AM

#

That visualforce page should be nfpoob-dev-ed.my.saleforce.com right?

ionic jay Dec 22, 2022, 5:30 AM

#

yes

lyric dawn Dec 22, 2022, 5:31 AM

#

Widen the visualforce page's frame-ancestor policy to include your LWC page domain like https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
Avoid rendering the visualforce page using iframe, because Payment Element is an iframe itself and it could doesn't work while being nested inside another iframe

CSP: frame-ancestors - HTTP | MDN

The HTTP Content-Security-Policy (CSP) frame-ancestors directive specifies valid parents that may embed a page using , , <object>, <embed>, or <applet>.

ionic jay Dec 22, 2022, 5:34 AM

#

so there is no issue from Stripe?

lyric dawn Dec 22, 2022, 5:37 AM

#

I believe it's the way we built Payment Element. Can you try the 1st approach first?

ionic jay Dec 22, 2022, 6:05 AM

#

I have tried it but no luck

lyric dawn Dec 22, 2022, 6:07 AM

#

Um so I think it's the requirement comes from inside the PaymentElement frame, that we don't allow it to be nested against another iframe

#

sorry

ionic jay Dec 22, 2022, 6:11 AM

#

but it works when the user has logged into Salesforce and then use the community page

#

😕

lyric dawn Dec 22, 2022, 6:15 AM

#

In that case is it still under the iframe

#

Can you compare the page structure between logged in and non-logged in? I suspect they will have different structure

ionic jay Dec 22, 2022, 6:24 AM

#

lyric dawn In that case is it still under the iframe

yes

#Saurabh Jha