Stripe Elements don't display properly - because of some security issue in Web2py - (CSP?)


Vlad

May 27, 2019, 9:18:04 AM
to web2py-users
I've got some security-related errors which cause Stripe elements not to display correctly. Some googling helped to understand that presumably web2py uses CSP (content security policy?) and some stripe resources need to be whitelisted somewhere (not sure if it's web2py-related or web server-related - I am using the default rocket server). 

Any ideas on how to fix this up? 

Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com".

Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com".

Vlad

May 27, 2019, 10:06:30 AM
to web2py-users
After some googling I tried to add something like this

    <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';">


definitely not safe, but in any case doesn't help at all - 

or like this

    <meta http-equiv="Content-Security-Policy" content="img src * ">

same errors come back - and stripe elements don't show up right... 
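
Why neither meta tag changes the outcome, as an added example (not code from the thread, web2py or Stripe): a simplified model of CSP image-source matching, run on the directive from the console error and the two meta policies above. It assumes the reported policy stays in force in the document that loads the image; the origin `https://shop.example` is constructed and the function names are illustrative.

```javascript
// Simplified model of CSP image matching (added example, not a full CSP implementation).
function parsePolicy(text) {
  const directives = new Map();
  for (const part of text.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Directive names are case-insensitive; the first occurrence of a name wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function sourceMatches(expr, url, selfOrigin) {
  const u = new URL(url);
  if (expr === "'self'") return u.origin === selfOrigin;
  // '*' covers network schemes only (modelled here as http/https), never data: or blob:.
  if (expr === '*') return u.protocol === 'http:' || u.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return u.protocol === expr.toLowerCase();
  if (expr.startsWith("'")) return false; // keywords such as 'unsafe-inline' match no URL
  try {
    return u.origin !== 'null' && new URL(expr).origin === u.origin; // host-source, origin only
  } catch {
    return false; // not a usable source expression
  }
}

function policyAllowsImage(policyText, url, selfOrigin) {
  const d = parsePolicy(policyText);
  const sources = d.get('img-src') ?? d.get('default-src');
  if (sources === undefined) return true; // policy has no directive that governs images
  return sources.some((s) => sourceMatches(s, url, selfOrigin));
}

// Every policy in force must allow the load, so an added policy can only tighten the result.
function imageAllowed(policies, url, selfOrigin) {
  return policies.every((p) => policyAllowsImage(p, url, selfOrigin));
}

const SELF = 'https://shop.example'; // constructed origin for the page
const PIXEL = 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7';
const REPORTED = "img-src 'self' https://q.stripe.com"; // directive from the console error
const META_WIDE = "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';";
const META_TYPO = 'img src * '; // parses as an unknown directive named "img"

console.log(imageAllowed([REPORTED], PIXEL, SELF));            // reported policy alone
console.log(imageAllowed([REPORTED, META_WIDE], PIXEL, SELF)); // plus the permissive meta tag
console.log(imageAllowed([REPORTED, META_TYPO], PIXEL, SELF)); // plus the second meta tag
```

In this model the `data:` image passes only when every policy in force lists the `data:` scheme for images, so the directive quoted in the error has to change at whatever sets it.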

Massimo Di Pierro

May 27, 2019, 12:21:14 PM
to web2py-users
Where is that string? <img src="data:image/gif;base64,R0lGODl..." />. It is not in web2py/gluon/contrib/stripe.py. Are you using an old stripe.js file that needs to be updated?

Eliezer (Vlad) Tseytkin

May 27, 2019, 12:37:58 PM
to web...@googlegroups.com
Oh, I am not using web2py stripe. I installed stripe and use it directly - need some more advanced features.

On Mon, May 27, 2019, 12:21 PM Massimo Di Pierro <massimo....@gmail.com> wrote:
Where is that string?  <img src="data:image/gif;base64,R0lGODl..." />. It is not in web2py/gluon/contrib/stripe.py Are you using an old stripe.js file that needs to be updated?
