Refused to load the script 'https://js.stripe.com/v3/' because it violates the following Content Security Policy directi

mhbhat · Post by **mhbhat** » 19 Jan 2023, 14:12

Hi, I tried to use the Stripe payment gateway but I got this error while checkout in the console. How to resolve this?
When I see the source code I noticed this:

Code: Select all

<meta http-equiv="Content-Security-Policy" content="base-uri 'self'; default-src 'self' 'nonce-5xWW/yrW/7wM2G9eaucecQ=='; style-src &#039;unsafe-inline&#039; &#039;self&#039;; img-src &#039;self&#039; data: https://aimeos.org; frame-src https://www.youtube.com https://player.vimeo.com">

I guess it won't allow stripe so any clues?

Post by **aimeos** » 19 Jan 2023, 14:25

Please copy the Aimeos base.blade.php template to your ./resources/views/vendor/shop/ directory and change the CSP directive accordingly. Read also:
https://aimeos.org/docs/latest/laravel/ ... ity-policy

mhbhat · Post by **mhbhat** » 20 Jan 2023, 07:17

Thank you the environment was set to

Code: Select all

local

I just set to

Code: Select all

production

and this error got disappeared

Post by **aimeos** » 20 Jan 2023, 16:15

It should be the other way round and it's fixed here:
https://github.com/aimeos/aimeos-larave ... e6a783c3ed

The next release will contain the fix and then, you will get the error in non-debug mode if you don't adapt the CSP rule.

Help for Aimeos