Website Content Security Policy: Allow “Paypal Payments” Plugin

  • Resolved danrancan

    (@danrancan)


    1 year, 3 months ago

    Hi, I am trying to create a strict Content Security Policy (CSP) in my Nginx configuration, and I want to be sure that any outside sources that this (Woo Commerce Paypal Payments) plugin uses are included in my policy.

    In my Nginx virtual hosts server block, I am starting off with the following strict Content Security Policy (Header):

    add_header Content-Security-Policy "default-src 'self';

    Is there anything that THIS PLUGIN uses that isn’t included in ‘self’, that would need to be included in a strict content security policy header?

    If so, could you please tell me what else I need to include in my Nginx header (specifying img-src rules, style-src rules, script-src rules, connect-src rules, and any other etc-src etc-src rules to keep a strict CSP while still allowing this plugin to be fully functional? Thanks so much for any help!

    • This topic was modified 1 year, 3 months ago by James Huff.
    • This topic was modified 1 year, 3 months ago by James Huff. Reason: wikipedia excerpt removed
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Syde Joost

    (@joostvandevijver)

    Hello @danrancan

    Thank you for reaching out to us, we are here to help.

    This support team is not run by full stack developers, but support specialists. We know much about common issues and error and can help out merchant based on the error that they encounter. You have contacted us without encountering any issue or error, so we have little to actually go on at this moment.

    I would suggest testing on a staging site on your server and see if the communication works on your setup using sandbox accounts. If you then run into issues and have errors and logs you can share with us, we will be happy to take a look at them and include our developers in case needed.

    Let me know if that works for you.

    Kind regards,
    Joost

    Plugin Support Syde Joost

    (@joostvandevijver)

    Hello,

    Since we did not receive any response or follow-up questions from you, we will assume you got this working to your requirements. If you still have any more questions for us, please open a new thread, because we will mark this one as resolved.

    Kind regards,
    Joost

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Website Content Security Policy: Allow “Paypal Payments” Plugin’ is closed to new replies.