
We have an e-commerce website from which we redirect to a payment gateway portal. Once the transaction is done, the payment gateway portal redirects back to our e-commerce website with response form data. After hitting our response page, we’re getting a 404 error with the content security policy blocking the redirection. Please find the screenshot that I have attached.
Our website is developed using Angular 11, and we’re using SSR for SEO optimization.

Error

2 Answers


  1. This is a common problem with CSP that is supposed to be fixed on the backend. I don’t know which framework you are using; if it is Spring Boot with Java, then it will be something like this:

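    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @EnableWebSecurity
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // Send this Content-Security-Policy header on every response.
            http.headers()
                .contentSecurityPolicy("default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com data:");
        }
    }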
    
    
  2. Content Security Policies don’t have the ability to block redirects that originate from the payment gateway.

    The problem you’re seeing is that your application isn’t handling POST requests to http://beta.samidirect.com/home. Your application is instead providing a 404 error and is replying with a default 404 page that includes inline styles that are blocked by the CSP. Presumably, your Angular application doesn’t utilize inline styles, which is why you wouldn’t see this error on pages handled with Angular. You need to solve the 404 problem instead of the CSP problem.

    You will need to implement a server application that can handle the POST request, verify the transaction was legitimate, verify that the transaction was processed with the correct amounts and then redirect to GET http://beta.samidirect.com/home. This problem cannot be solved entirely with Angular 11; you must create a backend component.

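The backend step described in the second answer (accept the gateway's POST to `/home`, verify it, check the amount, then redirect to GET), as an added example that is not part of the original answers or any gateway's real API. The field names, the HMAC-SHA256 signature scheme, the secret and the order store are all assumptions constructed for illustration.

```javascript
// Added example: field names and the HMAC scheme are assumptions, not a real gateway API.
const crypto = require('node:crypto');

const GATEWAY_SECRET = 'constructed-demo-secret'; // constructed; load from a secret store in practice
// Constructed order store: what the shop expects to be paid, keyed by order id.
const orders = new Map([['ORD-1001', { amount: '499.00', currency: 'INR', paid: false }]]);

// Hypothetical signature scheme: HMAC-SHA256 over "orderId|amount|currency|status".
function sign(f, secret = GATEWAY_SECRET) {
  const msg = [f.orderId, f.amount, f.currency, f.status].join('|');
  return crypto.createHmac('sha256', secret).update(msg).digest('hex');
}

// Takes the raw urlencoded POST body and returns the HTTP response to send.
function handleGatewayReturn(rawBody) {
  const f = Object.fromEntries(new URLSearchParams(rawBody));
  const given = Buffer.from(String(f.signature || ''), 'hex');
  const expected = Buffer.from(sign(f), 'hex');
  // Constant-time compare; check length first because timingSafeEqual throws on a mismatch.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { status: 400, body: 'invalid signature' };
  }
  const order = orders.get(f.orderId);
  if (!order) return { status: 404, body: 'unknown order' };
  // Trust the stored order, not the amount posted through the browser.
  if (f.amount !== order.amount || f.currency !== order.currency) {
    return { status: 400, body: 'amount mismatch' };
  }
  if (f.status === 'SUCCESS') order.paid = true;
  // 303 makes the browser follow up with a GET, which the Angular route can render.
  return { status: 303, headers: { Location: '/home' } };
}

// Wiring with Node's built-in http server; an SSR server would mount the same handler.
function createServer() {
  return require('node:http').createServer((req, res) => {
    if (req.method !== 'POST' || req.url !== '/home') { res.writeHead(404); return res.end(); }
    let body = '';
    req.on('data', (c) => { body += c; if (body.length > 8192) req.destroy(); });
    req.on('end', () => {
      const r = handleGatewayReturn(body);
      res.writeHead(r.status, r.headers || {});
      res.end(r.body || '');
    });
  });
}
```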