We are using WooCommerce, and after the customer's payment has been successfully taken via PayPal, the customer sees a PayPal confirmation page with a 'Return to Merchant' button at the bottom; however, the button does not work. In the PayPal account preferences, Auto-return is off, so we are NOT expecting it to auto-return.
In Chrome's Inspector there is an error in the Console that says: Refused to send form data to 'https://mydomain.com/checkout/order-received/3083/?key=wc_order_5b6c0b0b81314&utm_nooverride=1' because it violates the following Content Security Policy directive: "form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com
From further reading I believe a Content Security Policy (CSP) needs adding either to the website .htaccess file or to a meta tag on the return page. Or I see there is a 'WP Content Security Policy' plugin, would that fix it? Anyone else had experience with this CSP error?
I am facing the same error after the TLS security has been updated. In sandbox, the payment is successful but the return to merchant button is not working. There is a console error, as it is not allowed to submit a POST form to redirect to a 3rd-party site.
Please help me on this.
This is an issue with PayPal's Content Security Policy. CSP is a feature of browsers to prevent loading content from domains you don't want content to load from. Their policy currently only allows this for form actions:
"form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com".
They will have to dynamically add the return URL to the CSP for the return URL from the merchant.
Here is the message I got from PayPal:
Thank you for contacting PayPal Merchant Technical Support. I am happy to assist you with this.
This is a known issue that our engineering team is working on. When they have a fix I will reach out via this ticket and update you.
Global Technical Support
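To illustrate the answer above, here is an added example (not from any poster or from PayPal) that evaluates the quoted form-action directive against the merchant return URL and shows that the submission only passes once the merchant origin is in the policy served by the page hosting the form. The matcher is simplified to scheme and host, and the document URL is a constructed stand-in for the PayPal confirmation page.

```javascript
// Added example: simplified form-action matching (scheme and host only; the
// port, path and http->https upgrade rules of the full CSP algorithm are omitted).
const PAYPAL_POLICY = // directive text as quoted in the console error above
  "form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com";
const DOCUMENT_URL = 'https://www.paypal.com/'; // constructed stand-in for the confirmation page
const RETURN_URL = // merchant return URL from the console error
  'https://mydomain.com/checkout/order-received/3083/?key=wc_order_5b6c0b0b81314&utm_nooverride=1';

// Return the source list of the form-action directive, or null if absent.
function formActionSources(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'form-action') return sources;
  }
  return null;
}

// Does one source expression allow the target URL?
function sourceMatches(source, target, documentOrigin) {
  const expr = source.toLowerCase();
  if (expr === "'none'") return false;
  if (expr === "'self'") return target.origin === documentOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(expr)) return target.protocol === expr; // e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/.exec(expr);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && target.protocol !== scheme + ':') return false;
  const targetHost = target.hostname.toLowerCase();
  // "*.paypal.com" covers subdomains only, not the bare paypal.com host.
  return wildcard ? targetHost.endsWith('.' + host) : targetHost === host;
}

// form-action has no default-src fallback: without the directive nothing is blocked.
function formActionAllows(policy, targetUrl, documentUrl) {
  const sources = formActionSources(policy);
  if (sources === null) return true;
  const target = new URL(targetUrl);
  const origin = new URL(documentUrl).origin;
  return sources.some((s) => sourceMatches(s, target, origin));
}

console.log(formActionAllows(PAYPAL_POLICY, RETURN_URL, DOCUMENT_URL));
console.log(formActionAllows(PAYPAL_POLICY + ' https://mydomain.com', RETURN_URL, DOCUMENT_URL));
```

Because the browser applies the policy of the document that contains the form, a CSP header or meta tag on the merchant site does not change the first result.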
OMG yes, thank you for the answers. I registered an account just to find out more/post this issue. It's becoming a big issue for sites we built on WooCommerce + PayPal.
I have 2 websites and I got the same problem on them.
The problem is new; I didn't have that problem 4-5 days ago!
I hope someone can find the reason and a solution for that.