#tarantino-47_unexpected

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1467969446302711871

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hello
Do you have an example PaymentIntent ID I can take a look at?

we also don't set any CSP headers in our website, the only CSP we have is coming from stripe related resources.
and if we use this extention to disable CSP everything works fine: https://chromewebstore.google.com/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden

Here are two example PaymentIntents:

Successful Amex transaction: pi_3SvjsNFbFOzNrsPE0lrl4i4Q
Failing Discover transaction: pi_3Sw0yiFbFOzNrsPE0W4x7lPf

There's probably a typo in the failing PaymentIntent

can you double check

just a sec

pi_3Sw0yiFbFOzNrsPE0W4x7lPf

Are you saying the same card works if you disable CSP?

yes, everything works if I use that extension

Can you share an example PaymentIntent using the same card but with CSP disabled?

The examples you've shared are for Amex and Discover

I'd like to check if Discover works without CSP

just a sec

another one failed PI id: pi_3SwSrJFbFOzNrsPE1pQHdx1M

actually we didn't make the payment with disabled CSP, but once we disable CSP - the iframe is being rendered as expected

the require_action event is same regardless of the extension make the iframe/popup show up or not
the issue is the browser blocking it

Are you using Stripe Elements or manually rendering the iframe?

Stripe Elements

Is this only occurring in live mode or are you able to reproduce this in test mode using relevant brand test cards?

the iframe is different in test mode, we can’t test it using test mode

Elements should behave the same way though if this is a specific network/card brand issue

iframe is being loaded in test env without using the extension

Is there a page I can try to reproduce this myself?

and are you sure you don't have a CSP on your server? Can you double check to be 100% sure?

You may need to add these directives to your config: https://docs.stripe.com/security/guide?csp=csp-js#content-security-policy

just a minute

need a bit more time please

NP! take your time

can I DM you the link where you can reproduce the bug?

You can share it here and delete in a minute or so

ok, sounds good

sending ping just to keep the thread opened🙂

Sounds good, as a heads up my colleague had to step out but I'm here to help when you have that link

@thorny willow checking in, still working on this?