Pay module and AJAX

  • Resolved ronhe

    (@ronhe)


    1 year, 6 months ago

    Hi,

    The other day I ran into paying problems. I.E a customer couldn’t come to the a bank portal anymore.

    I went for help to the module builder and the find out that I was because of 2 things:

    1 The pay module was embedded (GF-forms) and the option AJAX was set to active.
    Setting this to inactive everything worked out well.

    2 I get also back:
    Refused to load https://www.heilooenergie.nl/over-ons/contactformulier/betaling-contributie/#gf_9 because it does not appear in the frame-ancestors directive of the Content Security Policy.
    But how can that be?
    The SSL dashboard doesn’t state that something is incomplete.
    What is the remedy for setting (again??) the Content Security Policy

    Ron

Viewing 1 replies (of 1 total)
  • Plugin Support jarnovos

    (@jarnovos)

    Hi @ronhe,

    It seems that you have the “Frame-Ancestors” header set to the value none.

    Which has the effect that when another site, or even a page on the same site (like in this case) tries to load the URL within an <frame>, <iframe>, <object> (or another embedding mechanism): it will be blocked by the browser, and you will receive a CSP violation error message such as the one you provided.

    If you want to allow only your own site to embed such content, you may want to set frame-ancestors to the value self instead.

    Kind regards, Jarno

Viewing 1 replies (of 1 total)
  • The topic ‘Pay module and AJAX’ is closed to new replies.