#mook_code

1 messages ¡ Page 1 of 1 (latest)

cedar gardenBOT
#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question. Thank you for your patience!

⏱️ We automatically close idle threads, which makes them read-only. Make sure you stick around to chat in realtime! If this thread is closed and you have another question you'll need to start a new thread.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1214231415214968873

📝 Have more to share? You can add more detail below, including code, screenshots, videos, etc.

mortal steepleBOT
pearl hull
#

Hello

silver plover
#

hi

pearl hull
#

Hmmm I'm not sure how much we can help with this as it really comes down to your own CORS policies. But let me see if a colleague is familiar with this at all..

silver plover
#

thanks !!

#

For me CORS is a show-stopper - for preventing click-jacking XSS, attacks, script injection etc. my use-case is a very sensitive site - we really have no flexibility here - with the exception of - I can permit and white-list specific domains - I just cannot permit any unsafe-eval or 'any foreign' script injection

pearl hull
#

Ah okay my colleague just let me know that unfortunately we don't actually support this yet for Stripe.JS.

#

This being COEP

#

We do have an open feature request to get this functionality added.

#

However, I can't guarantee any sort of timeline for when that would happen, but I'll note your added interest.

silver plover
#

I understand.

#

Might you have a link to a github ticket or something I can refer back to?

pearl hull
#

Unfortunately not. You could open an issue at https://github.com/stripe/stripe-js if you like (I don't believe there is one already). It is just an internal feature request ticket currently.

silver plover
#

okay. thank you. I will do this.

#

should I report to: https://github.com/stripe/stripe-js/security/policy or just regular bug report? https://github.com/stripe/stripe-js/issues/new?assignees=&labels=bug&projects=&template=BUG.yml&title=[BUG]%3A+ it's not really a bug ..

GitHub
Build software better, together

GitHub is where people build software. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects.

GitHub
Build software better, together

GitHub is where people build software. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects.

pearl hull
#

Yeah just a regular issue. I wouldn't really say it is a bug... really just a feature request overall.

silver plover