#sleepyhead_error

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1220361899250815047

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hello

What errors are you seeing exactly?

When do these errors occur exactly?

Are you using Payment Element here?

i'm using stripe elements. card element I think

this happens on page load

And this was working previously?

You just started seeing these errors?

yes

i also noticed there are requests to https://api.hcaptcha.com/authenticate. I would also assume that would not work given the recommended CSP from Stripe not including that URL?

These errors are in Safari btw. I do not see them in Chrome

Thanks for the info, let me see if I can reproduce them on my end

The form seems to be running though. I am able to submit and get error using 4242 card

Okay so it doesn't prevent any functionality even though you see these browser errors?

Not sure. I originally discovered this due to another logged server error with payment (problem on my end)

However I am seeing this in my Javascript error logs: "Third-party iframes are not allowed to request payments unless explicitly allowed via Feature-Policy (payment)"

Another issue and not related to CSP but a problem with older Safari browsers

And Apple Pay

I believe you are missing allow="payment"

for these older browsers

Are you using Payment Request Button for Apple Pay and putting it in an iframe?

If so, then it is on you to set allow="payment" (see: https://docs.stripe.com/stripe-js/elements/payment-request-button?client=react#react-testing)

let me check. I thought I was not setting iframe

I believe the iframe is added by stripe

I am using paymentRequestButton

Yeah then you shouldn't need allow="payment" unless you are hosting that within an iframe yourself

I am not. I am only seeing this on one of my client sites (we are a SaaS)

Could it be certain countries use an iframe for Apple Pay

I am not able to replicate it using my Apple Pay in test env for my account

This client is in Latvia. I am not seeing this for clients in other countries

This is what my error logger gives:

https://js.stripe.com/v3:1:607703→ d

Hmm yeah I'm not sure -- we would need to be able to reproduce that to get more information. Is there somewhere we can reproduce those original CSP errors you shared?

I'm not able to locally

Yes you can test it here: https://stripe.test.makeplans.net

it is running test env

How do I get to Card Element?

I'm looking into this now and I think the problem is that some of my Safari extensions are not playing well with Stripe here

Yeah that seems likely, since I'm not able to reproduce what you are seeing

I'd try running this in private browsing

Yes it is due to this extension: https://underpassapp.com/StopTheMadness/

Sorry for the confusion

No worries

Glad it got figured out

I am seeing some error for hcaptcha though. I am not a CSP expert so not sure if it is relevant for CSP:

{
"pass": false,
"error-codes": [
"pat-missing-auth"
]
}

https://api.hcaptcha.com/authenticate

Failed to load resource: the server responded with a status of 401 (Unauthorized)

Ah actually I do see that as well. You can still complete the payment correct?

payment works for me

I think that is a result of some recent CAPTCHA work being done around Card Element, but I think it is just a console error and shouldn't have any processing affect. I'll still report it internally as it is confusing that we show that in Console.

it might just be that http status errors are always shown in the console even if it is handled by the script

anyways. what do you suggest I do for this iframe issue

i dont think i can check this easily without getting an affacted customer which would be the customer of my customer so i would rather not go that way

but if the stripe payment request button is generating an iframe it should have the right iframe permission set, right?

Yes, if you are just loading Payment Request Button then we handle everything.

Only if you are actually putting it in an iframe yourself would you need to set allow="payment"

Your customer sees that error and doesn't actually see the Apple Pay button?

i am just using payment request button. I am not using any iframe on my site. I do not what is happening on the customer end, I am just seeing the logged error. I am unable to replicate it. We have 500 clients internationally and it only is happening with a client in Latvia (with I assumed customers in Latvia)

It is for this charge: ch_3Owl43JmcOS4ZTnM1sq10n1z

Not sure if still works despite the error, whether the customer gave up apply pay and paid with a normal card or anything else

Yeah there isn't really a whole lot I can do just with that error message.... we would need to be able to reproduce it or have more information. That error really should only show from using an iframe so I don't know what to tell you. If you look at your local integration you should see that we do supply allow="payment" to our own iframe that we create

I understand. I will check with this client and tell them to report to us when this problem occurs