abignalet-iframe-3ds | Stripe Developers | Page 1

mellow yoke Oct 20, 2021, 2:14 PM

#

@verbal nacelle I'd highly suggest not using that directive at all if you mean you are framing the 3D Secure authentication URL https://stripe.com/docs/payments/3d-secure#custom-iframe

#

the content of the iframe comes directly form the bank's "ACS" (3D Secure server) so it's kind of impossible to know what domain/origin that will be since it is entirely controlled by each cardholder's bank

#

you basically have to allow everything/a wildcard here, there isn't another option, as best as I'm aware

verbal nacelle Oct 20, 2021, 2:18 PM

#

Okay, I was thinking the same. So removing the meta frame-src is wildcard you mean?

mellow yoke Oct 20, 2021, 2:20 PM

#

I'd remove it entirely personally

verbal nacelle Oct 20, 2021, 2:23 PM

#

Ok i'll try that

#abignalet-iframe-3ds