It violates the following Content Security Policy directive: "base-uri 'self' https://*.paypal.com"

tisuchi
Contributor
Contributor
Posted on
‎Oct-16-2020 03:10 AM

Hello 

 

I am integrating PayPal Plus on Laravel. But when I try to integrate iFrame, it shows me the following error all the time-

Failed to load resource: the server responded with a status of 500 (Internal Server Error)
payment-selection:1 Refused to set the document's base URI to 'https://www.paypalobjects.com/web/res/be5/d662cbd9ab15932494b83d60a9967' because it violates the following Content Security Policy directive: "base-uri 'self' https://*.paypal.com".

 

BTW, I already added CSP meta tag. 

 

<meta http-equiv="Content-Security-Policy" content="default-src * self blob: data: gap:; base-uri 'unsafe-hashes'; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:;">

 

But still getting the same error. 

Login to Me Too
0 Kudos
Login to Reply or Kudo
0 REPLIES 0

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.