Describe the bug
When integrating ngx-stripe into an Angular application, CSP violations are triggered in Chrome, resulting in refusal to execute inline scripts due to missing hash or nonce values. These violations occur despite the CSP allowing necessary sources, making it difficult to run the application without disabling critical security features like unsafe-inline.
To Reproduce
Steps to reproduce the behavior:
1.Implement ngx-stripe(18.1.0) in an Angular application(18)
Load the page in Chrome
Inspect the browser’s console
Observe the CSP violation errors in the console related to unsafe-inline or missing hashes
Screenshots
Desktop
Browser chrome
Version 131
Additional context
I have tested the behavior across different browsers. The error is consistently present in Chrome, where CSP violations are preventing the execution of inline scripts. Other Browsers (Firefox, Edge): In these browsers, the issue doesn't cause any errors. While there are some warnings, they do not block the execution of scripts or affect functionality.
Also I want to mention that I have seen the same errors on the Ngx-Stripe web site(https://ngx-stripe.dev/docs/payment-element)
Describe the bug When integrating ngx-stripe into an Angular application, CSP violations are triggered in Chrome, resulting in refusal to execute inline scripts due to missing hash or nonce values. These violations occur despite the CSP allowing necessary sources, making it difficult to run the application without disabling critical security features like unsafe-inline.
To Reproduce Steps to reproduce the behavior: 1.Implement ngx-stripe(18.1.0) in an Angular application(18)
Screenshots
Desktop
Additional context I have tested the behavior across different browsers. The error is consistently present in Chrome, where CSP violations are preventing the execution of inline scripts. Other Browsers (Firefox, Edge): In these browsers, the issue doesn't cause any errors. While there are some warnings, they do not block the execution of scripts or affect functionality. Also I want to mention that I have seen the same errors on the Ngx-Stripe web site(https://ngx-stripe.dev/docs/payment-element)