literatelapellabel_unexpected | Stripe Developers | Page 1

dark plankBOT Mar 20, 2025, 10:43 AM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1352231083965677609

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

raven yewBOT Mar 20, 2025, 10:44 AM

#

wary tartan Mar 20, 2025, 10:44 AM

#

Hi 👋 can you share the error you're seeing?

elfin pelican Mar 20, 2025, 10:47 AM

#

wary tartan Mar 20, 2025, 10:49 AM

#

Hm, is AnalyticsReporter.js your file?

dark plankBOT Mar 20, 2025, 10:58 AM

#

elfin pelican Mar 20, 2025, 10:59 AM

#

No its one of Stripes components

flat brook Mar 20, 2025, 11:05 AM

#

Hey! Taking over for my colleague.
Have you had a chance to add these CSP directives?
https://docs.stripe.com/security/guide#content-security-policy

elfin pelican Mar 20, 2025, 11:07 AM

#

Yes they've been added, I don't think its our CSP at fault, I'm wondering if its the embedded frame has its own CSP ?

flat brook Mar 20, 2025, 11:17 AM

#

What guide are you following ?

elfin pelican Mar 20, 2025, 11:23 AM

#

I followed the guide you've linked to but for connect embedded components

flat brook Mar 20, 2025, 11:33 AM

#

I mean what guide you are following for integrating Stripe Product

dark plankBOT Mar 20, 2025, 11:58 AM

#

elfin pelican Mar 20, 2025, 12:00 PM

#

Oh I see. We've followed the connect integration for stripe hosted onboarding via embedded components

#

It's all working as expected but the CSP error might be a cause of concern for anyone onboarding that thinks to open the browser terminal

glass pilot Mar 20, 2025, 12:07 PM

#

If it doesn't prevent your users from completing the onboarding - you can ignore the error.

elfin pelican Mar 20, 2025, 12:22 PM

#

OK, I do think its an error with the onboarding componets available, as disabling our CSP entirely so none is enforced still gives this issue

glass pilot Mar 20, 2025, 12:32 PM

#

Is there an issue with onboarding?

elfin pelican Mar 20, 2025, 12:37 PM

#

only that it reports in the browser console a resource is blocked by a security policy, which may impact user trust. I did some digging and it looks like r.stripe.com is used to track calls to the embedded js files for your / stripes internal analytics purposes.

It seems unfortunate that this looks like an error related to security on our side from an uniformed user perspective

glass pilot Mar 20, 2025, 12:41 PM

#

I don't expect many uninformed users to inspect your website with dev tools.
However, if you actually receive user reports concerned about this issue, feel free to reach out to Stripe Support: https://support.stripe.com/?contact=true

#literatelapellabel_unexpected