stripe / stripe-js

Loading wrapper for Stripe.js
https://stripe.com/docs/js
MIT License

[BUG]: iframes will not load when you have COEP / COOP set on your site #634

Closed jronnen7 closed 3 months ago

jronnen7 commented 3 months ago

What happened?

When setting increased security settings on your site, the resources loaded from Stripe are being blocked.

Set the following headers on your server to reproduce this error:

         Cross-Origin-Embedder-Policy "credentialless";
         Cross-Origin-Opener-Policy "same-origin";

Is there any way we can ensure either the iframe files are hosted with a CORP header 'cross-origin' or a way to configure the iframe directly before embedding it (less ideal solution), maybe an init parameter for stripe.js?

The credentialless attribute is not widely supported (i.e. Safari and Firefox do not support it), so it would be best if the header was appended correctly from the server response: Cross-Origin-Resource-Policy: 'cross-origin'

There are a lot more reports of developers with this same issue here
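For readers diagnosing the same blocked frame, here is an added example (not part of the original report and not Stripe's code) that models the two checks the HTML and Fetch specifications apply to a framed document when the parent sends an isolating COEP. `checkFramedDocument`, its field names and the `.example` URLs are hypothetical, and the COEP parse and `same-site` handling are simplified.

```javascript
// Added example. checkFramedDocument and its field names are hypothetical.
const ISOLATING = ["require-corp", "credentialless"];
const CORP_VALUES = ["same-origin", "same-site", "cross-origin"];

// Simplified COEP parse: first item before any ";" parameters (e.g. report-to).
function coepValue(header) {
  const v = String(header || "").split(";")[0].trim();
  return ISOLATING.includes(v) ? v : "unsafe-none";
}

// Header names in frameHeaders are expected in lower case.
function checkFramedDocument({ parentUrl, parentCoep, frameUrl, frameHeaders = {}, credentiallessAttr = false }) {
  const reasons = [];
  // A parent without an isolating COEP places no requirement on its frames.
  if (coepValue(parentCoep) === "unsafe-none") return { allowed: true, reasons };
  // <iframe credentialless> lifts the embedding rules where the browser supports it.
  if (credentiallessAttr) return { allowed: true, reasons };

  // 1. The framed document must itself send an isolating COEP, even if same-origin.
  if (coepValue(frameHeaders["cross-origin-embedder-policy"]) === "unsafe-none") {
    reasons.push("framed document sends no require-corp/credentialless COEP");
  }

  // 2. CORP check for a navigation: values are matched exactly, and a missing or
  //    unrecognised value is treated as same-origin under either isolating COEP value.
  let corp = frameHeaders["cross-origin-resource-policy"];
  if (!CORP_VALUES.includes(corp)) corp = "same-origin";
  const sameOrigin = new URL(parentUrl).origin === new URL(frameUrl).origin;
  if (corp === "same-origin" && !sameOrigin) {
    reasons.push("no usable Cross-Origin-Resource-Policy on a cross-origin frame");
  }
  if (corp === "same-site" && !sameOrigin) {
    // Assumption: no Public Suffix List here, so same-site is not evaluated.
    reasons.push("same-site CORP needs a registrable-domain comparison (not modelled)");
  }
  return { allowed: reasons.length === 0, reasons };
}

// Constructed inputs: a parent using the COEP value from the report, and a frame response.
const parent = { parentUrl: "https://shop.example/checkout", parentCoep: "credentialless" };
const bare = checkFramedDocument({ ...parent, frameUrl: "https://payments.example/frame.html" });
const fixed = checkFramedDocument({ ...parent, frameUrl: "https://payments.example/frame.html",
  frameHeaders: { "cross-origin-embedder-policy": "require-corp",
                  "cross-origin-resource-policy": "cross-origin" } });
console.log(bare, fixed);
```

The CORP value is compared as a bare token, so a response that literally sends `'cross-origin'` with the quotes is treated as having no policy.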

brendanm-stripe commented 3 months ago

Closing as duplicate of #417

jronnen7 commented 3 months ago

> Closing as duplicate of #417

If we are closing because of a duplicate can we reopen the other one?