Content-Security-Policy Problem?

Resolved zauberware
(@zauberware)

7 years, 4 months ago
Wir haben derzeit keine Einschränkungen auf der Seite mit Content-Security-Policy gemacht.

Dennoch kommt es zu diesem Error:

Refused to set the document’s base URI to ‘https://www.paypalobjects.com/web/res/d96/fb722e96099e7f9b67c856594c1b0’ because it violates the following Content Security Policy directive: “base-uri ‘self’ https://*.paypal.com”.

Ich wunder mich, dass niemand sonst den Fehler bekommt. Ein paar Posts habe ich dazu im Web schon gefunden, aber alle ohne Antwort. paypalobjects.com ist außerdem eine fragwürdige Adresse? Scam? Hat sich da ein Virus eingeschließen? PayPal Plus heute Morgen installiert.

Hier ein Link zu PayPal Support Forum: https://www.paypal-community.com/t5/REST-APIs/Error-Refused-to-set-the-document-s-base-URI/td-p/1566449
- This topic was modified 7 years, 4 months ago by zauberware.

Viewing 8 replies - 1 through 8 (of 8 total)

Plugin Support Andreas W.
(@aweissinpsyde)

7 years, 4 months ago

Hallo @zauberware

ich würde dich bitte hier einmal PayPal direkt zu kontaktieren, da wir selbst keinen Zugriff auf die URLs von PayPal oder PayPal Kundenkonten haben.

Thread Starter zauberware
(@zauberware)

7 years, 3 months ago

Hey Andreas,

I found this thread on github: https://github.com/paypal/paypal-checkout/issues/447

They closed the issue and said something about “a new pilot API” where they fixed the issue. The problem is that it comes with the loaded iFrame on the checkout page. No matter what I am trying to add to my Content-Security-Setting. It always has problems with:

Failed to load resource: the server responded with a status of 403 ()
payment-selection:1 Refused to set the document’s base URI to ‘https://www.paypalobjects.com/web/res/d96/fb722e96099e7f9b67c856594c1b0’ because it violates the following Content Security Policy directive: “base-uri ‘self’ https://*.paypal.com”.

payment-selection:1 Failed to load resource: the server responded with a status of 403 ()
payment-selection:1 Refused to set the document’s base URI to ‘https://www.paypalobjects.com/web/res/d96/fb722e96099e7f9b67c856594c1b0’ because it violates the following Content Security Policy directive: “base-uri ‘self’ https://*.paypal.com”.

The security here comes with the loaded iframe.

Plugin Support Andreas W.
(@aweissinpsyde)

7 years, 3 months ago

Hallo @zauberware

leider haben wir auf das Iframe und alles was darin angezeigt absolut keinen Einfluss. Das kommt direkt von PayPal Plus.

Hast du PayPal schon einmal direkt kontaktiert? Ich werde im gleichen Zuge unseren PayPal kontakt anschreiben und direkt dort nachfragen.

Plugin Support Andreas W.
(@aweissinpsyde)

7 years, 3 months ago

Hallo @zauberware,

nach Rücksprache mit PayPal meinten dieses, es wäre schön, wenn du dieses einmal über paypal.com/mts kontaktieren könntest.

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

7 years, 3 months ago

@aweissinpsyde Why was this topic reported?

Plugin Support Andreas W.
(@aweissinpsyde)

7 years, 3 months ago

Hello @jdembowski,

what do you mean? Reported to PayPal? If yes, because to give plugin users the best support we can and we work here together with PayPal Plus via Slack hand in hand.

Thank you
Have a nice day 🙂

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

7 years, 3 months ago

There’s a “report this topic” link in the side bar. You clicked it. It’s logged who did that. 😉

If you didn’t mean to (it happens) cool.

Plugin Support Andreas W.
(@aweissinpsyde)

7 years, 3 months ago

Hello @jdembowski,

I’m so sorry. I think it was a mistake by me 🙂 Maybe I clicked on it as I scrolled up. Sorry 🙂

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Content-Security-Policy Problem?’ is closed to new replies.