question

mrwsds-rp avatar image
mrwsds-rp asked David Marginian Deactivated commented

Browser Error in clover hosted iframe

I am trying to implement the iframe mentioned here

https://docs.clover.com/docs/using-the-clover-hosted-iframe


When I load my page on Chrome Version 86.0.4240.183 (64-bit) I get the following error on the console


  1. Content Security Policy of your site blocks the use of 'eval' in JavaScript


    1. The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site.

      To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings.

      If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive.

      ⚠️ Allowing string evaluation comes at the risk of inline script injection.


The script being blocked is https://checkout.sandbox.dev.clover.com/scripts/index-7b61f880.js

if you search the code you will find it uses setTimeout


The generation of the token using the card details entered is not working. I am assuming it is due to this script being blocked.


Please advise on how to fix this.

e-commerce api
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
David Marginian avatar image
David Marginian Deactivated answered David Marginian Deactivated commented

Can you try this codepen? https://codepen.io/gareth-dsouza/pen/MWKbWwv

6 comments
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

mrwsds-rp avatar image mrwsds-rp commented ·

Hi, I tried the codepen and I am able to generate the token for the card details entered.

The console still shows the same error though. Should we be concerned about this or can this be ignored? Is it also possible to remove the zip code validation?

0 Likes 0 ·
gd213 avatar image gd213 ♦♦ mrwsds-rp commented ·

What zip codes are your trying to use? As of now we only support US and Canada

0 Likes 0 ·
mrwsds-rp avatar image mrwsds-rp gd213 ♦♦ commented ·

We will be using postal codes for canada

0 Likes 0 ·
David Marginian avatar image David Marginian ♦♦ mrwsds-rp commented ·

That error can be ignored. I have previously written it up and we are looking into it. What is your use case for removing zip code validation? If you remove it and the user enters an invalid zip then the transaction would be higher risk and be flagged by avs anyway.

0 Likes 0 ·
mrwsds-rp avatar image mrwsds-rp David Marginian ♦♦ commented ·

thanks for the reply about the browser error, i will leave the zip code validation for now.

Another issue i am having is creating the charge via a curl post request. I am always getting a 401 Unauthorized Error. How do i generate the auth token to be used in the Authorization bearer of the curl request.


0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community