search

braintree / braintree_java

Braintree Java library
https://developer.paypal.com/braintree/docs/start/overview
MIT License
158 stars 98 forks source link

Braintree JS SDK in sandbox iframe #35

Closed jart closed 8 years ago

jart commented 8 years ago

Forgive me if this is not the proper place to file this bug.

If I try to embed the 'dropin' Braintree JS SDK v2 in an iframe with the HTML5 sandbox attribute (for bidirectional security), then the browser will raise an error saying that the script is accessing document.cookie to write a value named 'venmo' or something. Even though I'm not using Venmo.

A workaround exists, which is to host the iframe on a separate domain, so cross-origin browser security policies kick in. But it would simplify production systems management if the braintree iframe were able to be hosted inside a sandbox.

crookedneighbor commented 8 years ago

No worries. I've copied your text and opened up an issue here for it: https://github.com/braintree/braintree-web/issues/125