Support » Plugin: Stripe For WooCommerce » Correct Content Security Policy (CSP) to use?

  • Resolved mvenkadesan

    (@mvenkadesan)


    Hi,

    I want to use the correct CSP policy, but without known unsafe elements like unsafe-inline or unsafe-eval. But for that I need to know which URLs should be allowed for connect-src, font-src, frame-src, and many other similar source tags. On my website, the only pages that use external resources are triggered by the Stripe for WooCommerce plugin, so it is related to the payment features. However, the exact resource depends on the browser and the specific options that are enabled, like Payment Request Buttons. Can you please point me to the correct set of URLs that I should allow in my CSP in order to not break payments and still conform to modern security standards?

    Thank you!


  • Plugin Author mr.clayton

    (@mrclayton)

    Hi @mvenkadesan,

    Here are the external domains that the plugin loads resources from.

    js.stripe.com
    pay.google.com
    www.google-analytics.com
    www.gstatic.com

    Kind Regards,
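
Added example, not part of the thread or the plugin's code: since the question notes that the resources vary by browser and enabled options, one way to find any remaining sources is to serve the policy as `Content-Security-Policy-Report-Only` and tally what browsers report. It assumes the four hosts above may be needed under any fetch directive (the reply does not say which), a hypothetical `/csp-report` endpoint, and constructed sample reports with placeholder hosts.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Hosts listed in the plugin author's reply.
PLUGIN_HOSTS = ["js.stripe.com", "pay.google.com",
                "www.google-analytics.com", "www.gstatic.com"]
# Assumption: the reply does not map hosts to directives, so the starting
# policy allows all four under each of these fetch directives.
DIRECTIVES = ["script-src", "frame-src", "connect-src", "img-src", "font-src"]

def build_policy(hosts, report_uri="/csp-report"):  # endpoint is hypothetical
    """Return a header value with no 'unsafe-inline' / 'unsafe-eval'."""
    sources = " ".join(["'self'"] + [f"https://{h}" for h in hosts])
    parts = ["default-src 'self'"] + [f"{d} {sources}" for d in DIRECTIVES]
    return "; ".join(parts + [f"report-uri {report_uri}"])

def missing_sources(report_bodies):
    """Tally blocked origins per directive from report-uri JSON bodies."""
    missing = defaultdict(set)
    for body in report_bodies:
        report = json.loads(body).get("csp-report", {})
        directive = (report.get("effective-directive")
                     or report.get("violated-directive") or "unknown").split()[0]
        blocked = report.get("blocked-uri", "")
        url = urlsplit(blocked)
        if url.scheme in ("http", "https") and url.hostname:
            missing[directive].add(f"{url.scheme}://{url.hostname}")
        else:
            # "inline", "eval", "data": a keyword, not a host to allow-list
            missing[directive].add(blocked or "unknown")
    return {d: sorted(s) for d, s in missing.items()}

# Constructed sample reports (placeholder hosts, not real plugin traffic).
SAMPLE_REPORTS = [
    json.dumps({"csp-report": {"effective-directive": "connect-src",
                               "blocked-uri": "https://api.payments.example/v1/x"}}),
    json.dumps({"csp-report": {"violated-directive": "font-src 'self'",
                               "blocked-uri": "https://cdn.fonts.example/a.woff2"}}),
    json.dumps({"csp-report": {"effective-directive": "script-src-elem",
                               "blocked-uri": "inline"}}),
]

if __name__ == "__main__":
    print("Content-Security-Policy-Report-Only:", build_policy(PLUGIN_HOSTS))
    for directive, origins in missing_sources(SAMPLE_REPORTS).items():
        print(directive, "->", ", ".join(origins))
```

An `inline` entry means an inline script or style was blocked; without `unsafe-inline` the fix for that is a nonce or hash on the element, not another host in the list.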
