Forgive me if this is not the proper place to file this bug.
If I try to embed the 'dropin' Braintree JS SDK v2 in an iframe with the HTML5 sandbox attribute (for bidirectional security), then the browser will raise an error saying that the script is accessing document.cookie to write a value named 'venmo' or something. Even though I'm not using Venmo.
A workaround exists, which is to host the iframe on a separate domain, so cross-origin browser security policies kick in. But it would simplify production systems management if the braintree iframe were able to be hosted inside a sandbox.
Forgive me if this is not the proper place to file this bug.
If I try to embed the 'dropin' Braintree JS SDK v2 in an iframe with the HTML5
sandbox
attribute (for bidirectional security), then the browser will raise an error saying that the script is accessingdocument.cookie
to write a value named 'venmo' or something. Even though I'm not using Venmo.A workaround exists, which is to host the iframe on a separate domain, so cross-origin browser security policies kick in. But it would simplify production systems management if the braintree iframe were able to be hosted inside a sandbox.