Javascript - Could you provide some guidance on how we can resolve the Content Security Policy error?

MuhammadAhmad
December 4, 2023
207 views
0 votes
2 Answers

This is the actual error message when I tried to integrate the stripe with the front end.

Refused to frame ‘https://js.stripe.com/’ because it violates the following Content Security Policy directive: "default-src ‘self’". Note that ‘frame-src’ was not explicitly set, so ‘default-src’ is used as a fallback.

I added this meta tag on the head, but unfortunately, it’s not working

meta(http-equiv="Content-Security-Policy", content="script-src 'self' https://js.stripe.com; script-src-elem 'self' https://js.stripe.com")

Answers

- HarryHsu
- December 2, 2023 at 8:29 pm
- 0 votes
0
You set the CSP for script only. In order to use I-Frame, you need frame-src
```
meta(http-equiv="Content-Security-Policy", content="script-src 'self' https://js.stripe.com; script-src-elem 'self' https://js.stripe.com; frame-src https://js.stripe.com")
```
Login or Signup to reply.

- HalvorSakshaug
- December 4, 2023 at 6:16 am
- 0 votes
0
There is a (default) CSP on your site and you try to add another one in a meta tag. Now the content needs to pass both policies. You need to identify how the original CSP is set and change it to allow the necessary content. You can likely remove the policy in meta tag.

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

Javascript – Could you provide some guidance on how we can resolve the Content Security Policy error?

Answers