After some googling I tried to add something like this

    <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';">

definitely not safe, but in any case doesn't help at all - or like this

    <meta http-equiv="Content-Security-Policy" content="img src * ">

same errors come back - and stripe elements don't show up right...

On Monday, May 27, 2019 at 9:18:04 AM UTC-4, Vlad wrote:
> I've got some security-related errors which cause Stripe elements not to
> display correctly. Some googling helped to understand that presumably
> web2py uses CSP (content security policy?) and some stripe resources need
> to be whitelisted somewhere (not sure if it's web2py-related or web
> server-related - I am using the default rocket server).
>
> Any ideas on how to fix this up?
>
> Refused to load the image
> 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'
> because it violates the following Content Security Policy directive:
> "img-src 'self' https://q.stripe.com".
>
> js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController3:1
>
> Refused to load the image
> 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'
> because it violates the following Content Security Policy directive:
> "img-src 'self' https://q.stripe.com".
>
> js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController1:1
>
> Refused to load the image
> 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'
> because it violates the following Content Security Policy directive:
> "img-src 'self' https://q.stripe.com".
>
> js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController5:1
>
> Refused to load the image
> 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'
> because it violates the following Content Security Policy directive:
> "img-src 'self' https://q.stripe.com".
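
The console entries quoted above can be read mechanically. The following is an added example, not part of the original post and not web2py or Stripe code: it extracts the violated directive and the document that raised it, then applies a simplified CSP source match (scheme-sources, `*`, `'self'` and host-sources only). The sample entry is constructed from the quoted output with values elided, and treating the URL printed after each message as the violating document, served over https, is an assumption.

```python
import re
from urllib.parse import urlsplit

APP_ORIGIN = "http://127.0.0.1:8000"  # app origin shown in the quoted output
DATA_IMG = "data:image/gif;base64,R0lGOD..."  # constructed, shortened data: URI

# Constructed sample shaped like one quoted console entry (values elided).
CONSOLE = (
    "Refused to load the image '" + DATA_IMG + "' because it violates the "
    "following Content Security Policy directive: "
    "\"img-src 'self' https://q.stripe.com\".\n"
    "js.stripe.com/v3/controller-EXAMPLE.html#origin=...:1\n"
)
ENTRY = re.compile(
    r"Refused to load the image '(?P<blocked>[^']+)' because it violates the "
    r"following Content Security Policy directive: \"(?P<directive>[^\"]+)\"\.\s+"
    r"(?P<doc>\S+)")

def origin_of(url):
    # Assumption: console source URLs printed without a scheme are https.
    parts = urlsplit(url if "://" in url else "https://" + url)
    return f"{parts.scheme}://{parts.netloc}"

def source_allows(source, url, doc_origin):
    scheme = urlsplit(url).scheme
    if source.endswith(":"):              # scheme-source such as data: or blob:
        return scheme == source[:-1]
    if scheme not in ("http", "https"):   # '*', 'self' and hosts never match data:
        return False
    if source == "*":
        return True
    if source == "'self'":
        return origin_of(url) == doc_origin
    return origin_of(url) == origin_of(source)

def directive_allows(directive, url, doc_origin):
    _name, *sources = directive.split()
    return any(source_allows(s, url, doc_origin) for s in sources)

def load_allowed(directives, url, doc_origin):
    # Several policies on one document intersect: each one must allow the load.
    return all(directive_allows(d, url, doc_origin) for d in directives)

def analyse(console, app_origin=APP_ORIGIN):
    rows = []
    for m in ENTRY.finditer(console):
        doc = origin_of(m["doc"])
        owner = "app" if doc == app_origin else "third-party frame"
        rows.append({"directive": m["directive"], "document": doc, "owner": owner})
    return rows
```

For this sample the reporting document is on js.stripe.com rather than 127.0.0.1:8000, so the directive in the error is one attached to that framed document. `load_allowed` also shows that placing a looser policy next to a stricter one on the same document never widens what may load.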