#sagar_code

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1230433087645683733

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• sagar_apps-events, 2 days ago, 19 messages

hi! looks like you need to specify a full URL (like https://xyz.example.com/page-to-connect-to).

hi
i tried to specify full url then the built is created successfully but when tested using external link the last speified link threw error about content_security_policy

what specific error and where did it appear?

in console
Refused to connect to 'https://xyz.example.com/webhookOptions' because it violates the document's Content Security Policy.

in the console on what page, when, when doing what?

Maybe that URL is not in the content_security_policy of your stripe-app.json?

i added and checked it also uploaded the same built twice but facing the same

when does the error happen, when doing what? What is the part of your code that tries to do something with 'https://xyz.example.com/webhookOptions' ?

i am trying to fetch some details from backend to display in the stripe app

which ever changes uploaded in the last built are not able to test as a external test can you help me with that

how, what does the exact code look like?

I'm not sure what "are not able to test as a external test " means, can you clarify?

yes,
currently i am developing a stripe app
after some progress to check that code is working fine i uploaded the apps using "stripe apps upload"
after that built is created ==>
"Would you like to proceed: y
✔ Built files for production
✔ Packaged files for upload
✔ Uploaded "

then in settings developers option i can install the last built in test mode and external test mode
the test mode is working fine but in external test mode it gives the above stated error

hard to say without a lot more information, maybe open a support ticket at https://support.stripe.com/?contact=true ? I'm trying to help but I don't have access to your account and you're not sharing the code I'm asking you for.

please specify what code you specifically need

the part of your code that tries to do something with 'https://xyz.example.com/webhookOptions', like the code in the UI extension accessing that, or so on.

and the complete stripe-app.json file

okay
api.jsx

export const getWebhookOptions = async (environment,userContext) => {
try {
signaturePayload.user_id = userContext?.id;
signaturePayload.account_id = userContext?.account.id;

let fetch2 = await fetch(`${environment.constants.API_BASE}/webhookOptions`, {
  method: 'POST',
  headers: {
    'Stripe-Signature': await fetchStripeSignature(),
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    ...signaturePayload,

  }),
});

console.log(fetch2)
const res = await fetch2.json();
if (res.statusCode == 200) {
 return res.data
} else {
  return []
}

} catch (error) {
console.log(error)
}
}

AppSetting.jsx

useEffect(async () => {

let webhookOptions = await getWebhookOptions(environment, userContext)
console.log('webhook options', webhookOptions);
if (webhookOptions) {
  setSelectedOption(webhookOptions.filter(item => item.isAdmin && item.roles && item.roles.some(role => role.name == 'Administrator')))
  setOptions(webhookOptions.filter(item => !item.isAdmin && item.roles && item.roles.some(role => role.name == 'Administrator')))
}

}, []);

stripe-app.json
{
"id": "com.eudizital.sync-to-sheets",
"version": "0.0.23",
"name": "Sync To Sheets",
"icon": "",
"permissions": [
{
"permission": "customer_write",
"purpose": "Allows the app to update the name of the customer."
},
{
"permission": "payment_intent_read",
"purpose": "access to read the payment intent"
},
{
"permission": "balance_read",
"purpose": "to retrive the balances"
}
],
"ui_extension": {
"views": [
{
"viewport": "stripe.dashboard.home.overview",
"component": "App"
},
{
"viewport": "settings",
"component": "AppSettings"
}
],
"content_security_policy": {
"connect-src": [
"https://xyz.example.com/user",
"https://xyz.example.com/auth/google",
"https://xyz.example.com/logout",
"https://xyz.example.com/payments",
"https://xyz.example.com/customer",
"https://xyz.example.com/balances",
"https://xyz.example.com/getUser",
"https://xyz.example.com/saveSetting",
"https://xyz.example.com/webhookOptions"
],
"image-src": null,
"purpose": ""
}
},
"constants": {
"API_BASE": "https://xyz.example.com"
},
"allowed_redirect_uris": [
"https://dashboard.stripe.com/test/dashboard"
],
"stripe_api_access_type": "oauth",
"distribution_type": "public"
}

what is environment.constants.API_BASE ?

I mean yeah

it's s2s.foodarna.com right? but in your connect-src you do not have s2s.foodarna.com, you have "xyx.example.com"

you need to put the actual real domains you're using in the connect-src, not those random example.com ones.

actually it was just to not show the url in the thread

looking forward for you reply

Hi! I'm taking over from my colleague. Please, give me a moment to catch up.

It might take us a bit longer to investigate, would you mind writing to Stripe Support: https://support.stripe.com/?contact=true
You can mention you talked to us on Discord, then my engineering team will take over your case.

This will give us more time to dive deeper into the issue.

what exactly i need to tell them

the whole thing again ??

Quick question, does the problem arise only when you connect to the /webhookOptions endpoint? Or to others, e.g. /payments as well?

whichever is the last

in the connect-src whichever is the last mentioned

This sounds pretty arbitrary, isn't it?
I can't imagine why this would happen

i was going through the docs can this be the reason

Again, since there's a confusion with the domain names, I suggest to reach out to Stripe Support, since then you won't need to conceal the domain names, as the communication will be private.

Not sure what secrets have to do with content security policy

okay i will provide the stripe-app.json

do i need to still connect the support

I would suggest this as the best option. Then we will communicate in private and have enough time to reproduce the issue on our side and find a proper solution: https://support.stripe.com/?contact=true

Please provide all the releavant details, e.g. tha fact that only the last item in the list produces the error.