cib88's avatar
Level 2

Stripe Error - Content Security Policy directive: frame-src self

Hello,

I've recently set up my new app on a staging and production server and since then the Stripe API won't load. Everything worked fine locally and on a basic Digital Ocean node.

The errors I'm getting in my console are:

Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.

Refused to frame 'https://js.stripe.com/' because it violates the following Content Security Policy directive: "frame-src 'self'".

I'm reading lots of stuff online, some saying I can add a meta tag and some saying it needs setting in the NGINX config.

Can anyone give me more insight into what I need to do? I've emailed the hosting provider but still waiting on a reply.

I'm using Cashier & Stripe API v3

0 likes
3 replies
martinbean's avatar

@cib88 Well it looks like you’ve set up CSP on your server, which disallows loading iframes from Stripe’s domain.

cib88's avatar
Level 2

@martinbean OK, thanks for the heads up. This must be something the server hosting company have done then, as they set up the servers.

I'm guessing they need to allow this server-side, not in my code via the CSP meta tag.

martinbean's avatar

@cib88 It’s an HTTP response header. It’s a security measure and basically specifies the domains that assets like images, scripts, stylesheets, etc. can be loaded from, so can stop things like XSS attacks.

1 like
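
The meta tag versus server config question raised in the thread can be checked with a small model of how a browser evaluates `frame-src`. This is an added example, not code from the thread, Laravel Cashier or Stripe: the matcher is simplified, and the function names and the `app.example.test` origin are assumptions. When a page carries several policies, every one of them must allow the frame.

```javascript
// Simplified CSP check for frame loads (added example, not browser code).
// Supports 'self', '*', scheme sources and host sources with "*." wildcards;
// ports and paths are ignored, and a scheme-less host matches any scheme.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

function sourceMatches(src, target, pageOrigin) {
  if (src === "'self'") return target.origin === pageOrigin;
  if (src === '*') return ['http:', 'https:'].includes(target.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return target.protocol === src;
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && target.protocol !== scheme + ':') return false;
  if (host.startsWith('*.')) return target.hostname.endsWith(host.slice(1));
  return target.hostname === host;
}

function frameAllowedBy(header, frameUrl, pageOrigin) {
  const policy = parsePolicy(header);
  // frame-src falls back to child-src, then default-src.
  const name = ['frame-src', 'child-src', 'default-src'].find((d) => policy.has(d));
  if (!name) return true; // this policy does not restrict frames at all
  const target = new URL(frameUrl);
  return policy.get(name).some((s) => sourceMatches(s, target, pageOrigin));
}

// A document may carry several policies (response header plus <meta> tag).
// Each is enforced independently, so a load must pass every one of them.
function frameAllowed(policies, frameUrl, pageOrigin) {
  return policies.every((p) => frameAllowedBy(p, frameUrl, pageOrigin));
}

// Constructed values: placeholder origin; policies modelled on the thread's error.
const PAGE = 'https://app.example.test';
const STRIPE = 'https://js.stripe.com/';
const serverHeader = "frame-src 'self'";
const metaTag = "frame-src 'self' https://js.stripe.com";

console.log(frameAllowed([serverHeader], STRIPE, PAGE));          // header alone
console.log(frameAllowed([serverHeader, metaTag], STRIPE, PAGE)); // header + meta
console.log(frameAllowed([metaTag], STRIPE, PAGE));               // header fixed
```

The second call stays blocked because the header's `frame-src 'self'` is still enforced alongside the meta tag, so the Stripe origin has to be added to the policy the server sends.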
