• Resolved cmba

    (@cmba)


    I may have found an error in the plugin code. When I first installed the plugin and tried to use it I had issues come up in the checkout process. I talked to Firefox support and they helped me find the add-on that was blocking scripting. My findings directed me to AdBlocker Ultimate plugin support.

    I get these errors in my console:
    Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).
    There is a similar error with (“style-src”)

    I got this response from their tech:
    In order for that script to work, it should be <script nonce=”sha256-….”> and you should have “unsafe-inline” in the CSP.
    Basically, this is a design flaw of Stripe and you should contact them.

    https://postimg.cc/gallery/4NphrGk

    Can someone fix this with the Stripe plugin?

    • This topic was modified 2 years, 4 months ago by cmba.

    The page I need help with: [log in to see the link]

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Author Payment Plugins

    (@mrclayton)

    Hi @cmba

    When I first installed the plugin and tried to use it I had issues come up in the checkout process.

    Can you provide some more details on what issues you encountered? For example, was the credit card form not rendering?

    The site you provided a link to doesn’t have our plugin active on the checkout page.

    Basically, this is a design flaw of Stripe and you should contact them.

    It’s unlikely that the Stripe JS SDK has a bug. Based on what I see in your screenshots, the issue isn’t related to any CSP.

    Kind Regards,

    Thread Starter cmba

    (@cmba)

    You need to have something in the cart in order to view the checkout page. Otherwise you’re viewing a placeholder.

    After you fill in the credit card it won’t let you click the checkout button.

    Ignore the part about the CSP. I do not have one on my site or my server. The AdBlocker Ultimate plugin is still blocking inline scripting which is like a built in CSP. I asked them about this and they told me that it’s standard to block potentially unsafe inline scripting when it’s not properly called in the header.

    Thread Starter cmba

    (@cmba)

    Is someone going to fix this or get back to me about this?

    Plugin Author Payment Plugins

    (@mrclayton)

    Hi @cmba

    Is someone going to fix this or get back to me about this?

    Thanks for the reminder. With over 80,000 users of our plugin, sometimes it’s hard to respond to all requests as quickly as we would like.

    You need to have something in the cart in order to view the checkout page. Otherwise you’re viewing a placeholder.

    We did add an item to the cart. Here is a screenshot of what we’re seeing, which isn’t our Stripe plugin.

    https://imgur.com/a/OAaTnam

    Kind Regards,

    Thread Starter cmba

    (@cmba)

    Sorry. The /shop page takes you to the *subdomain. I made it for testing purposes and to eventually migrate the shop stuff over to it.
    Here’s a link to one of the products on the main site.
    https://heartlandforest.org/product/wooden-spinning-top/

    Thanks

    *Everyone kept telling me it was another plugin conflicting with the checkout page. So I made the subdomain with no other plugins to prove them wrong. You can ignore this because it is an issue I was having with our main payment processor before I switched to Stripe. That issue has still not resolved itself.

    Plugin Author Payment Plugins

    (@mrclayton)

    @cmba Can you set your site to “test” mode as we cannot test with a real credit card on your site.

    From my review, there doesn’t appear to be anything wrong with the Stripe plugin. I was able to enter the credit card info and trigger a card decline error as expected.

    Thanks,

    Thread Starter cmba

    (@cmba)

    I just put it in test mode.
    Currently the plugin has been working to make payments. It was when I had first started using it and I had the AdBlocker Ultimate plugin installed on Firefox when it had messed up and wouldn’t work for me.

    Let me know how that goes and I’ll take it out of test mode when you’re done.
    Thanks

    Thread Starter cmba

    (@cmba)

    I could make a temporary account for you in a private message if you want.
    You might not even need to check my site because if it’s an issue with the combination of Stripe and the adblocker you could find it on your own.

    Plugin Author Payment Plugins

    (@mrclayton)

    @cmba There aren’t any issues with the Stripe plugin, our test order processed as expected. #46424.

    Whatever plugin(s) you disabled prior to the Stripe plugin working most certainly were the reason for your issue.

    Kind Regards,

    Thread Starter cmba

    (@cmba)

    Did you check it with the adblocker plugin activated on Firefox? That was the entire reason for starting this thread.

    Plugin Author Payment Plugins

    (@mrclayton)

    @cmba Yes, it was tested with that plugin activated.

    Thread Starter cmba

    (@cmba)

    Awesome thanks. That’s all I needed to know.
    It would still be good to look into the script issue for future reference.
    I’m taking it out of test mode.
    Thanks

    Plugin Author Payment Plugins

    (@mrclayton)

    It would still be good to look into the script issue for future reference.

    The CSP notice you see in the console does not interfere with payments in any way. Also, we can’t control that code since that’s all stripe.js, which is unrelated to the actual plugin.

    If you feel there is an issue, I recommend you contact Stripe support and report that info to them.

    Kind Regards,

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Script Header Being Incorrectly Called’ is closed to new replies.