#bk_best-practices
This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1384546163486621887
Hello, rendering our payment element within an iframe is supported; you may also be able to implement this with our embedded checkout. Can you tell me more about the issues you've run into when trying to implement this?
Also, it looks like that Stack Overflow is about a different question around passing us raw card numbers. Is that something you are looking to do as well?
Oh interesting. So you're saying the current element being embedded inside of an iframe would not be an issue?
I am in the thinking stage currently. I haven't tried to implement your payment element into another iframe yet, but I have had CORS issues in the past by putting 1 iframe into another iframe, so was using that knowledge.
And the link was basically if I went with an API only approach and created my own UI, then I know that has some compliance impact.
And I am not sure we would want to/know how to properly mitigate the compliance concerns.
We do have requirements for what CSP policies your page has and that you give the iframe permission to use the browser's payments API, so if you have those properly implemented your embedded page should work.
https://docs.stripe.com/security/guide?csp=csp-js
If you do choose to use an iframe and want to accept Apple Pay or Google Pay, the iframe must have the allow attribute set to equal "payment *".
https://docs.stripe.com/payments/accept-a-payment?platform=web&ui=elements
And yes, handling raw card details definitely increases your compliance lift significantly. I'm not fully aware of the requirements, but I know it requires things like regular audits with approved vendors.
Ok. Well, if we can embed inside an iframe, then I think I will go that route for now and if I come across any issues with it, I'll check out the doc you sent me here.
I appreciate your help talking me through this.
Of course, definitely let us know if you run into anything else.