PayPal – Cross Origin Read Blocking

  • Resolved Jason Houge

    (@jasonhouge)


    3 years, 8 months ago

    Tested on Google Chrome and Safari (both iOS and Desktop)

    Credit card input works fine, but the Paypal button does not.

    Using the inspect tool’s console in chrome I discovered Cross Origin Read Blocking prevents the Paypal login window from opening when a donor clicks the yellow PayPal button.

    GiveWP: Version 2.21.2
    Wordpress: Version: 6.0

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Jason Houge

    (@jasonhouge)

    3 years, 8 months ago

    This appears to be a similar issue:
    https://wordpress.org/support/topic/paypal-donate-gateway-not-working/

    The organization collects billing information, and because they do and because the Give plugin loads in an iframe PayPal gets blocked?

    It seems there should be a way to disable the Paypal button and just use the credit card processing (which does work) or the plugin needs to not load within an iframe. Am I wrong?

    Plugin Support Rick Alday

    (@mrdaro)

    3 years, 8 months ago

    Hi @jasonhouge,

    Happy to clarify.

    If you collect billing information, the donor has to fill the billing address fields before clicking the Paypal button.

    We know this can be confusing for users and we have a feature request to change the order of the fields here: https://feedback.givewp.com/feature-requests/p/paypal-donations-billing-address-fields-should-be-before-smart-buttons

    We have another request to allow admins to control the PayPal Donations payment options: https://feedback.givewp.com/feature-requests/p/user-control-over-which-paypal-fields-display

    Currently, the workarounds are:
    1. Disable the billing fields for PayPal Donations
    or
    2. Use PayPal Standard for Paypal payments and Stripe for credit card payments.

    Thread Starter Jason Houge

    (@jasonhouge)

    3 years, 8 months ago

    If you collect billing information, the donor has to fill the billing address fields before clicking the Paypal button.

    This seems to be incorrect. I have tested that, and the login window fails to load due to Cross Origin Read Blocking.

    Unfortunately, my client and I suspect many, many others, are impacted by this failure. I have already implemented the work-around by disabling billing info collection. The drawback is my client needs this information for their paperwork, so it would be very helpful if we could have some resolution on: https://feedback.givewp.com/feature-requests/p/user-control-over-which-paypal-fields-display

    -OR-

    Since the key factor that seems to cause all of these issues is the fact that GiveWP displays within an iframe, which is an often frowned upon manner of displaying and collecting information due to it being a common exploit, it would be most helpful if iFrames were eliminated from the plugin all together.

    Thank you

    Plugin Support Matheus Martins

    (@matheusfd)

    3 years, 8 months ago

    Hi, @jasonhouge.

    We do not have a way to remove the iframe for the multi-step and classic donation forms, but if it’s necessary in your case, you can use the legacy donation form because it doesn’t use an iframe.

    Thanks for using GiveWP! Have a great day.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘PayPal – Cross Origin Read Blocking’ is closed to new replies.