search

stripe / stripe-apps

Stripe Apps lets you embed custom user experiences directly in the Stripe Dashboard and orchestrate the Stripe API.
https://stripe.com/docs/stripe-apps
MIT License
148 stars 73 forks source link

App Logo not loading → CSP Issue #944

Open obrunsmann opened 10 months ago

obrunsmann commented 10 months ago

Describe the bug When installing my app the logo gets blocked by CSP policy.

To Reproduce Steps to reproduce the behavior:

  1. Create new app
  2. Set logo
  3. Install app via oauth flow

Expected behavior Logo displayed correctly.

Screenshots

image

Desktop (please complete the following information):

Additional context

{
  "id": "app.xx.xx",
  "version": "0.0.16",
  "name": "xx",
  "icon": "./icon.png",
  "permissions": [
...
  ],
  "ui_extension": {
    "views": [
      {
        "viewport": "settings",
        "component": "AppSettings"
      }
    ],
    "content_security_policy": {
      "connect-src": [
        "https://xxx.app/api/"
      ],
      "image-src": null,
      "purpose": ""
    }
  },
  "allowed_redirect_uris": [
...
  ],
  "stripe_api_access_type": "oauth",
  "distribution_type": "public"
}
gabrielhurley-stripe commented 10 months ago

We're checking into this internally and will get back to you. Thanks!

obrunsmann commented 10 months ago

@gabrielhurley-stripe thank you, This issue seems to only happen while being in review state. Since we are approved in the logo works finally

ngrubb-stripe commented 10 months ago

@obrunsmann Thanks for reporting! That is correct, this bug only occurs when your app has not yet been approved / published to the App Marketplace.

We are actively working to resolve this and will report back when we have a fix in place.