matrix-CSP | Stripe Developers | Page 1

narrow tundra Nov 17, 2021, 9:25 AM

#

Hello Matrix what is the error message?

hard warren Nov 17, 2021, 9:26 AM

#

Hello

#

i see this in the console: Ignoring duplicate Content-Security-Policy directive 'report-uri'.

#

I am in test mode

#

do you want the link to the website?

narrow tundra Nov 17, 2021, 9:32 AM

#

yes please, if you could that would be great

hard warren Nov 17, 2021, 9:33 AM

#

https://planbi.web.app/ricco.html

ricco

#

it is a simple checkout (connect)

narrow tundra Nov 17, 2021, 9:41 AM

#

I am afraid report-uri directive is no longer supported https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri

#

The CSP directives required by Stripe are https://stripe.com/docs/security/guide#content-security-policy

hard warren Nov 17, 2021, 9:43 AM

#

mmm I am not sure what i need to do in my website

#

do i need to add the following? but where?

#

connect-src, https://checkout.stripe.com
frame-src, https://checkout.stripe.com
script-src, https://checkout.stripe.com
img-src, https://*.stripe.com

Stripe Checkout: We built Checkout so you don’t have to

Stripe Checkout is a drop-in payments flow designed to drive conversion with just a few lines of code.

#

or am I using stripe.js?

narrow tundra Nov 17, 2021, 9:50 AM

#

You can configure CSP within your web server or with the <meta> element within your script, please refer to https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for more instructions 🙂

Content Security Policy (CSP) - HTTP | MDN

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks,
including Cross-Site Scripting (XSS) and data injection attacks.
These attacks are used for everything from data theft, to site defacement, to malware distribution.

#matrix-CSP