This is the actual error message I got when I tried to integrate Stripe with the front end.
Refused to frame 'https://js.stripe.com/' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
I added this meta tag to the head, but unfortunately it's not working:
meta(http-equiv="Content-Security-Policy", content="script-src 'self' https://js.stripe.com; script-src-elem 'self' https://js.stripe.com")
2 Answers
You set the CSP for script only. In order to use an iframe, you need frame-src.
There is a (default) CSP on your site and you try to add another one in a meta tag. Now the content needs to pass both policies. You need to identify how the original CSP is set and change it to allow the necessary content. You can likely remove the policy in the meta tag.
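The two answers above, shown as an added example (not code from the question or from Stripe): a simplified JavaScript model of how a browser checks a frame load, with the `frame-src` → `child-src` → `default-src` fallback from the error message and the rule that a frame must pass every policy in force. The site origin `https://shop.example` and the corrected site policy are constructed for illustration, and source matching is reduced to `'self'`, `*`, scheme sources and exact origins (no host wildcards, ports or paths).

```javascript
// Added example: simplified model of CSP frame checks (exact origins only).
const FRAME_FALLBACK = ['frame-src', 'child-src', 'default-src'];

// Parse "name src src; name src" into a Map; the first occurrence of a directive wins.
function parsePolicy(text) {
  const directives = new Map();
  for (const part of text.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function sourceMatches(source, url, selfOrigin) {
  if (source === "'self'") return url.origin === selfOrigin;
  if (source === '*') return true; // simplification: real '*' excludes some schemes
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  // Anything that is not a full origin (keywords, bare hosts) counts as no match here.
  try { return new URL(source).origin === url.origin; } catch { return false; }
}

// Evaluate one policy: which directive governs frames, and does it allow the URL?
function frameAllowedBy(policyText, frameUrl, selfOrigin) {
  const policy = parsePolicy(policyText);
  const directive = FRAME_FALLBACK.find((d) => policy.has(d)) || null;
  if (!directive) return { allowed: true, directive }; // policy says nothing about frames
  const url = new URL(frameUrl);
  const allowed = policy.get(directive).some((s) => sourceMatches(s, url, selfOrigin));
  return { allowed, directive };
}

// Several policies (site policy plus meta tag): the frame must pass every one.
function frameAllowed(policies, frameUrl, selfOrigin) {
  return policies.every((p) => frameAllowedBy(p, frameUrl, selfOrigin).allowed);
}

// Constructed inputs: the site's existing policy is taken from the error message,
// the meta policy from the question; SITE_ORIGIN and fixedSitePolicy are assumptions.
const SITE_ORIGIN = 'https://shop.example';
const STRIPE = 'https://js.stripe.com/';
const sitePolicy = "default-src 'self'";
const metaPolicy = "script-src 'self' https://js.stripe.com; script-src-elem 'self' https://js.stripe.com";
const fixedSitePolicy = "default-src 'self'; script-src 'self' https://js.stripe.com; frame-src 'self' https://js.stripe.com";

console.log('site policy alone:', frameAllowedBy(sitePolicy, STRIPE, SITE_ORIGIN));
console.log('site + meta:', frameAllowed([sitePolicy, metaPolicy], STRIPE, SITE_ORIGIN));
console.log('fixed site policy:', frameAllowed([fixedSitePolicy], STRIPE, SITE_ORIGIN));
```

Adding `frame-src` in a second policy does not help while the original `default-src 'self'` policy is still in force; the change has to be made where that original policy is set.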