segalee | Stripe Developers | Page 1

coral trenchBOT May 9, 2023, 11:41 AM

#

stray pawn May 9, 2023, 11:42 AM

#

Hi
It looks like you have custom CSP policy in your server that is blocking the API call. You need to update your policies.

worthy urchin May 9, 2023, 11:48 AM

#

👋 taking over for my colleague. Let me know if there's any follow-up Qs I can answer!

humble kayak May 9, 2023, 11:50 AM

#

@stray pawn I've updated the policies in the content_security_policy array. It still doesnt seem to work in my local machine

stray pawn May 9, 2023, 11:56 AM

#

What updates you made ?
refer to these CSP directives:
https://stripe.com/docs/security/guide#content-security-policy

humble kayak May 9, 2023, 12:12 PM

#

Ive added the correct url in connect-src
also tried including
"image-src": null,
"purpose": "Send data to example service...",
"frame-src": null,
"script-src": null

but it still fails

coral trenchBOT May 9, 2023, 12:17 PM

#

stray pawn May 9, 2023, 12:17 PM

#

What CSP directives do you have?

humble kayak May 9, 2023, 12:24 PM

#

"connect-src"
"image-src"
"purpose"

stray pawn May 9, 2023, 12:27 PM

#

try:
connect-src 'self' https://api.stripe.com

humble kayak May 9, 2023, 12:46 PM

#

Do you mean including the
'self' https://api.stripe.com
as part of the value for connect-src key?

stray pawn May 9, 2023, 12:49 PM

#

yes try that.

#segalee