jason_best-practices | Stripe Developers | Page 1

soft pierBOT Nov 19, 2024, 1:52 AM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1308248458796339282

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

#

hardy sable Nov 19, 2024, 1:52 AM

#

PCI screenshot

tender whale Nov 19, 2024, 1:58 AM

#

I can't comment on that requirement from PCI, however, you need to ensure that the stripe.js script is always be loaded directly from https://js.stripe.com

hardy sable Nov 19, 2024, 2:06 AM

#

Yeah I understand not commenting on PCI but I am loading from that url, but what it returns changes when you push updates which breaks any hash check

tender whale Nov 19, 2024, 2:07 AM

#

you shouldn't have any hash check on the stripe.js script for the exact reason you mentioned. We require you to load directly from the URL so that you always receive the most up to date script

hardy sable Nov 19, 2024, 2:36 AM

#

Understood but that goes against PCI, but I'll write up a Compensating Controls Worksheet then I guess if there's nothing else you can suggest

tender whale Nov 19, 2024, 2:37 AM

#

I don't know what does a Compensating Controls Worksheet do, but there's nothing I can suggest specifically with regards to the stripe.js script

#jason_best-practices