CODEWITHSUNDEEP
node.jsstripe-paymentscontent-security-policy
Savva8030
Savva8030

Reputation: 1

I am trying to use Stripe with Node.js but I recieving this error: Refused to load the script 'https://js.stripe.com/v3' beacause of violation CSP

My node.js helmet configuration I add link with 'https://js.stripe.com/v3/' to loading scripts but it still gives me the same error

 appNode.use(
      helmet({
        contentSecurityPolicy: {
          directives: {
            defaultSrc: ["'self'"],
            scriptSrc: [
              "'self'",
              'https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js',
              'https://unpkg.com',
              'https://cdnjs.cloudflare.com',
              'https://js.stripe.com/v3/',
            ],
            styleSrc: [
              "'self'",
              'https://unpkg.com',
              'https://cdnjs.cloudflare.com',
              'https://fonts.googleapis.com',
            ],
            imgSrc: [
              "'self'",
              'data:',
              'https://tile.openstreetmap.org',
              'https://unpkg.com',
            ],
            connectSrc: [
              "'self'",
              'https://unpkg.com',
              'https://cdnjs.cloudflare.com',
            ],
            fontSrc: [
              "'self'",
              'https://unpkg.com',
              'https://cdnjs.cloudflare.com',
              'https://fonts.gstatic.com',
            ],
            objectSrc: ["'none'"],
            upgradeInsecureRequests: [],
          },
        },
      }),
    );

There is the code that implements payment, but when it reach stripe.redirectToCheckout({ sessionId,}) function it immediately stop execution of payment function. As I undestand it happens because script with that function was not loaded.

import { showAlert } from './alerts.js';
import { loadStripe } from '@stripe/stripe-js';

import axios from 'axios';

export const payment = async (productId) => {
  try {
    const checkout = await axios({
      method: 'GET',
      url: `${process.env.API_URL}/api/v1/checkout-session/${productId}`,
    });
    const sessionId = checkout.data.session.id;
    const stripe = await loadStripe(process.env.STRIPE_PUBLIC_KEY);
    await stripe.redirectToCheckout({
      sessionId,
    });
  } catch (err) {
    showAlert('error', err.response.data.message);
  }
  showAlert(
    'error',
    err.response?.data?.message || 'Something went wrong. Please try again.',
  );
};

Upvotes: 0

Views: 19

Answers (0)

Related Questions