Adyen / adyen-magento2

Adyen Payment plugin for Magento2
MIT License
155 stars, 212 forks

Missing CSP Whitelist for 3D-Secure Domains #2378

Closed. aweb3r closed this 2 months ago.

aweb3r commented 10 months ago

> Refused to send form data to 'https://3d-secure.pluscard.de/3ds-method-start?org=pcs' because it violates the following Content Security Policy directive: "form-action 'self'"

**Describe the bug**

Missing whitelisting for 3D-Secure *.pluscard.de and maybe more?

**To Reproduce**

Steps to reproduce the behavior:

  1. Buy an item that meets the price for the 3D Secure limit.
  2. Use a credit card with 3D-Secure

**Expected behavior**

The 3D Secure window will fully load.

**Magento version**

2.4.6-p3

**Plugin version**

9.0.2

**Screenshots**

(screenshot image)


**Additional context**

Please collect all domains for the csp_whitelist.xml that are relevant for 3D-Secure!

aligent-lturner commented 10 months ago

This is not possible in any practical way - the domains depend on the financial institutions providing the credit cards, so it would be an extraordinarily long list. In the past, we have taken an incremental approach for our clients - add the ones you know of, and then add more as they are encountered.

candemiralp commented 10 months ago

Hello @aweb3r,

Thanks for raising this issue. However, as @aligent-lturner mentioned, it can be an impossible task considering the number of providers globally.

Let me discuss the ideal solution with the team first. In the meantime, you can whitelist those URLs manually.

Best Regards, Can

aweb3r commented 10 months ago

Hello @aligent-lturner @candemiralp,

Indeed, this seems like a tall order considering how many banks and domains exist out there. Nevertheless, the question arises as to how this module can be used sensibly in conjunction with CSP, especially since the task is now mine for the time being to whitelist all the options. Don't get me wrong, but I don't see the task of integrating this module or the PSP as being on my side.

candemiralp commented 2 months ago

Dear all,

As we discussed before, it's not feasible or possible for us to list all the domain names. Hence, those domains which raise an issue need to be added manually to the whitelist.

Best regards, Can
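The incremental approach the thread settles on (add the 3D-Secure hosts as they are encountered) needs two things: a way to see which hosts the browser is blocking, and the Magento `csp_whitelist.xml` entries that allow them. The following is an added example, not code from this issue or from the adyen-magento2 plugin. It reads browser CSP violation reports in the `csp-report` JSON shape that a `report-uri` endpoint receives (Magento's CSP module can run in report-only mode with a report URI to collect these before enforcing), keeps only the hosts blocked under `form-action`, and renders them as a Magento_Csp whitelist file. The sample reports are constructed here; the first mirrors the console message quoted at the top of the issue, the `shop.example` and `cdn.example-tracker.test` hosts and the `value id` labels are assumptions.

```python
"""Collect hosts blocked by the form-action CSP directive from browser
violation reports and render them as Magento csp_whitelist.xml entries.
Added example; not part of the adyen-magento2 plugin."""
import json
from urllib.parse import urlparse
from xml.sax.saxutils import escape

# Constructed sample reports in the classic "csp-report" shape a browser
# POSTs to the report-uri endpoint. Hostnames other than the one quoted in
# the issue are placeholders.
SAMPLE_REPORTS = [json.dumps({"csp-report": r}) for r in [
    {   # mirrors the console message from the issue (duplicate on purpose)
        "document-uri": "https://shop.example/checkout/",
        "violated-directive": "form-action",
        "effective-directive": "form-action",
        "blocked-uri": "https://3d-secure.pluscard.de/3ds-method-start?org=pcs",
        "original-policy": "form-action 'self'",
    },
    {
        "document-uri": "https://shop.example/checkout/",
        "violated-directive": "form-action",
        "effective-directive": "form-action",
        "blocked-uri": "https://3d-secure.pluscard.de/3ds-method-start?org=pcs",
        "original-policy": "form-action 'self'",
    },
    {   # a different directive: must not end up in the form-action list
        "document-uri": "https://shop.example/checkout/",
        "violated-directive": "script-src 'self'",
        "effective-directive": "script-src",
        "blocked-uri": "https://cdn.example-tracker.test/x.js",
        "original-policy": "script-src 'self'",
    },
]]


def blocked_hosts(report_lines, directive="form-action"):
    """Return the sorted, de-duplicated hosts blocked under `directive`.

    Malformed lines, reports for other directives and non-URL blocked-uri
    values such as "inline" or "data" are skipped rather than whitelisted.
    """
    hosts = set()
    for line in report_lines:
        try:
            body = json.loads(line).get("csp-report", {})
        except (ValueError, AttributeError):
            continue  # not JSON, or not an object
        # Older reports carry the whole directive in violated-directive
        # ("form-action 'self'"); the directive name is the first token.
        effective = body.get("effective-directive") or body.get("violated-directive") or ""
        if effective.split()[:1] != [directive]:
            continue
        parsed = urlparse(str(body.get("blocked-uri") or ""))
        if parsed.scheme in ("http", "https") and parsed.hostname:
            hosts.add(parsed.hostname)
    return sorted(hosts)


# Standard Magento_Csp whitelist layout; the file normally lives at
# app/code/<Vendor>/<Module>/etc/csp_whitelist.xml in a small custom module.
XML_TEMPLATE = """<?xml version="1.0"?>
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp/etc/csp_whitelist.xsd">
    <policies>
        <policy id="{directive}">
            <values>
{values}
            </values>
        </policy>
    </policies>
</csp_whitelist>
"""


def render_csp_whitelist(hosts, directive="form-action"):
    """Render one <policy> with a type="host" <value> per host.

    The value id only has to be unique within the policy; deriving it from
    the hostname (dots to dashes) is this example's own convention.
    """
    values = "\n".join(
        f'                <value id="{escape(h.replace(".", "-"))}" type="host">{escape(h)}</value>'
        for h in hosts
    )
    return XML_TEMPLATE.format(directive=directive, values=values)


if __name__ == "__main__":
    print(render_csp_whitelist(blocked_hosts(SAMPLE_REPORTS)))
```

Running the block prints a whitelist with a single `3d-secure.pluscard.de` entry under `form-action`; the tracker host from the third report is excluded because it violated `script-src`, not `form-action`, and would be a separate decision. Hosts should be reviewed before they are committed: a report only proves that a form was posted there from the checkout page, and the entry should be limited to the directive that actually fired rather than copied into every policy.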