GDPR compliance – loading of external scripts – “Error: Stripe is not defined”

  • Resolved redsoulwarrior

    (@redsoulwarrior)


    3 years, 4 months ago

    Hey there,
    we are using your plugin to include Stripe payment options for our online shop. For the most part, it is working like a charm, however, some users are seeing the “Reference Error: Stripe is not defined” message.

    Now from browsing / searching this forum, I can see that this is often related to caching, but we’re not using any caching on our site.
    If I had to guess, I believe that the affected users are browsing the site with a browser that prevents external scripts from being loaded (since the plugin is making several calls to js.stripe.com, etc. ).

    I do not believe that the correct course of action is for these users to disable their security settings as the plugin, in its current form, is hardly GDPR compliant. You cannot, without first forcing the user to opt in, forward their personal information (and their IP address is already “important personal information” according to European law) to a third party (which is what you’re doing when you’re calling external scripts).

    Is there an option in the plugin or a version of the plugin where you’re NOT connecting to external services and rather loading the JavaScript on the server itself? My current guess is no, which would mean that we’d have to abandon the plugin as our website needs to comply with GDPR regulation.

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)

  • Hi @redsoulwarrior,

    Thank you for contacting us.

    Is there an option in the plugin or a version of the plugin where you’re NOT connecting to external services and rather loading the JavaScript on the server itself?

    Stripe specifically states that their js.stripe.com script is to be loaded directly from Stripe’s servers. Here is a link to that:

    https://stripe.com/docs/js/including

    My current guess is no, which would mean that we’d have to abandon the plugin as our website needs to comply with GDPR regulation.

    I don’t believe you are going to find a Partner Verified solution that does what you’re describing since it would contradict Stripe’s best practices.

    in its current form, is hardly GDPR compliant. You cannot, without first forcing the user to opt in, forward their personal information (and their IP address is already “important personal information” according to European law) to a third party (which is what you’re doing when you’re calling external scripts).

    I believe you are too strictly interpreting the GDPR guidelines. Every internet communication includes IP information, that’s the nature of it. Based on your interpretation, a payment form could never be rendered unless the user opted in which is not the case.

    Kind Regards,

Viewing 1 replies (of 1 total)
  • The topic ‘GDPR compliance – loading of external scripts – “Error: Stripe is not defined”’ is closed to new replies.

Tags