Gmail extension + Stripe 3dsecure stop working (december 2023)

[Laura Gutierrez]

Hi,

We have a Chrome extension loaded within Gmail, where stripe js is loaded so that our customers can select and pay for a paid plan.

It has been working for years, but suddenly, since December 2023, our customers cannot pay because the 3dsecure second step (bank confirmation popup) is not displayed.

We have observed that the last Chrome update (to 120 version) is not affecting, as we have tested with an older version and the issue is happening the same way. The Stripe Js added to the package is up to date with the current version of the Stripe library.

If we look at all stripe requests executed, all of them are executed successfully but the following ones, returning 403 sometimes and other times 404 (which is weird).

• https://js.stripe.com/v3/three-ds-2-challenge-XXX.html

• https://js.stripe.com/v3/three-ds-2-fingerprint-XXX.html

We are using the InboxSdk library too, but I suppose is not interfering with this issue.

Any idea? Has someone experienced a similar issue with Stripe since December 23?

Thank you for your help.

[Oliver Dunk]

Hi Laura,

Have you reached out to Stripe about this?

Especially if this is happening in older Chrome versions, it seems likely this may be a change on their side.

Perhaps someone else from the mailing list will be able to share their experiences too.

Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/8f0b93f7-486b-43c6-8057-d11430949af8n%40chromium.org.

[Laura Gutierrez]

Hi Oliver,

Yes, I have opened a ticket reaching out to the Stripe support team, providing the evidence, but still no answer from their side.

So I wanted to share my experience here just in case this rings a bell for someone.

I will update here in case I receive a useful answer from the Stripe team.

Thanks!

--

	Laura Gutiérrez Full-Stack developer acumbamail.com laura.g...@acumbamail.com

[Laura Gutierrez]

Hi!

Here just to share the end of the story.

There was no quick answer from Stripe, so we had to implement an alternative payment flow.

As we had the facilities, we decided to open a new tab to complete the payment (this being executed in an external server out of the environment of the extension itself). This required the implementation of security measures between the extension and the external server. Once the payment is completed there, the user is redirected to Gmail (where the extension is executed).

The other possibility would have been to use Stripe within a sandbox iframe in the extension.

Today, I received an answer from Stripe, and they confirmed that it is not possible to use directly Stripe with manifest V3 extensions. More precisely: "You need to include the Stripe.js script on each page of your site and it needs to be loaded directly from https://js.stripe.com. It won't work if you try to include the file in the extension package."

Here is an interesting thread about it: https://github.com/stripe/stripe-js/issues/273

When we migrated our extension from mv2 to mv3, we expected to be forced to stop using Stripe, but, after testing, we noticed that it was still working, so we kept it.

It will remain a mystery why it has been working for two years and finally now stopped working.

Bye!

[Oliver Dunk]

Hi Laura,

Thanks so much for sharing the update!

Glad you have a workaround for now but it's unfortunate it isn't working within the extension. I do want to try and provide more monetization guidance in the future so I'll make a mental note that this is something we might want to investigate more / cover on our side.

Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB