search

PaddleHQ / paddle-js-wrapper

Wrapper to load Paddle.js as a module and use TypeScript definitions when working with methods.
Apache License 2.0
28 stars 4 forks source link

[Feature]: Serve a CORP header or allow users to proxy the Paddle CDN #33

Closed reknih closed 1 month ago

reknih commented 3 months ago

Tell us about your feature request

The Paddle.js wrapper should a) either download the main Paddle.js script from a host that sends a Cross-Origin Resource Policy (CORP) header with the value cross-origin or it should b) allow the user to specify their own script URL in the initializePaddle call to proxy the script load from Paddle's CDN through their own origin, serving the appropriate security headers.

What problem are you looking to solve?

I am integrating Paddle Checkout on a page that requires Cross Origin Isolation to access Shared Array Buffers. Hence, my page serves the corresponding COOP and COEP headers.

The checkout page itself does not require access to features that need Cross Origin Isolation, but since it is a Single Page App, I would like to avoid reloading the page before checkout to serving less (!) security headers and load Paddle.js.

Additional context

No response

How important is this suggestion to you?

Important

vijayasingam-paddle commented 3 months ago

Hi @reknih, Thank you for raising this feedback. This is related to #22 and I am working towards finding the best solution. I will let you know once it is released.

Thank you.

vijayasingam-paddle commented 1 month ago

Hi @reknih, Unfortunately, I have some bad news. I am afraid we won't be able to make our checkouts work with cross-origin isolation. Please refer to my comment on the other issue(#22) to know more.

I am going to close this issue as a duplicate. Please follow #22 to get notified when we get to fix this issue.

Sadly, there is very little we can do in this scenario. Please reach out to us if you need any other help.

Thank you.