Support » Plugin: Code Snippets » Javascript code added

  • ceyhunyildiz

    (@ceyhunyildiz)


    Hi
    We added this javascript code to move the Stripe payment button to the fixed position on the bottom of the page. It was working at first but now we are getting this error message in Chrome:

    Content Security Policy of your site blocks some resources

    Some resources are blocked because their origin is not listed in your site's Content Security Policy (CSP). Your site's CSP is allowlist-based, so resources must be listed in the allowlist in order to be accessed.
    
    A site's Content Security Policy is set either as via an HTTP header (recommended), or via a meta HTML tag.
    
    To fix this issue do one of the following:
    (Recommended) If you're using an allowlist for 'script-src', consider switching from an allowlist CSP to a strict CSP, because strict CSPs are more robust against XSS. See how to set a strict CSP.
    
    Or carefully check that all of the blocked resources are trustworthy; if they are, include their sources in the CSP of your site. ⚠️Never add a source you don't trust to your site's CSP. If you don't trust the source, consider hosting resources on your own site instead.
    
    2 directives
    Resource	Status	Directive	Source Location
    https://m.stripe.network/	blocked	frame-src	m-outer-f045e3.....js:1
    https://pay.google.com/gp/p/js/pay.js	blocked	script-src-elem

    This is the code added with Code Snippets plugin

    function wpb_hook_javascript() {
        ?>
            <script>
    			document.addEventListener("DOMContentLoaded", function(){
    				var stripeFixed = document.querySelector("#wc-stripe-payment-request-wrapper")
    				if (stripeFixed != null) {
    					var mybody = document.querySelector("body")
    					mybody.appendChild(stripeFixed)
    					var copyright = document.querySelector(".copyright")
    					copyright.style.marginBottom = "44px";
    				}
    			});
            </script>
        <?php
    }
    add_action('wp_footer', 'wpb_hook_javascript');

    What should we do ?

  • You must be logged in to reply to this topic.