reactjs 来自@stripe/stripe-js的loadStripe在FireFox中使用NextJS导致CSP错误

mwngjboj 于 4个月前发布在 React

关注(0)|答案(1)|浏览(54)

我有一个用NextJS编写的应用程序。我需要运行以下代码来连接到条带进行交易，但当我将其添加到任何地方时，它会在Firefox中抛出几个警告。代码仍然有效，但我想解决这个问题。我尝试在_docuemnt.tsx中添加Meta标记，但它们使情况变得更糟。有人知道如何正确实现CSP以允许它在没有警告的情况下工作吗？
这也会导致cookie警告。
标准loadStripe实现

import { loadStripe } from "@stripe/stripe-js";
const PurchaseCoinsDropdownModal = ({ ...props }: Props) => {
    // calling this throws the warnings
    const stripePromise = loadStripe(process.env.NEXT_PUBLIC_STRIPE_PUB_KEY as string);

    return (
                            <Elements
                                options={{ clientSecret, appearance: { theme: document.body.classList[0] === "dark" ? "night" : "stripe" } }}
                                stripe={stripePromise}
                            >
                                <CheckoutForm
                                    total={usdFix(selectedCoin.price)}
                                    closeHandler={props.closeHandler}
                                />
                            </Elements>
    );
};

字符串
从这一点来看：

Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). sandbox eval code:544:346
Content-Security-Policy: The page’s settings observed the loading of a resource at inline (“script-src”). A CSP report is being sent. sandbox eval code:544:346
Partitioned cookie or storage access was provided to “https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=http%3A%2F%2Flocalhost%3A3000%2F&title=Explore%20-%20Factiii&referrer=&muid=52c1d508-2a86-4261-9596-931ef99d8ff21fd5ef&sid=f19e156f-257a-4e0b-accf-26ae0b7f8519fed5f9&version=6&preview=false” because it is loaded in the third-party context and dynamic state partitioning is enabled.

Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). sandbox eval code:544:346
Content-Security-Policy: The page’s settings observed the loading of a resource at inline (“script-src”). A CSP report is being sent. sandbox eval code:544:346
Partitioned cookie or storage access was provided to “https://m.stripe.network/inner.html#url=http%3A%2F%2Flocalhost%3A3000%2F&title=Explore%20-%20Factiii&referrer=&muid=52c1d508-2a86-4261-9596-931ef99d8ff21fd5ef&sid=f19e156f-257a-4e0b-accf-26ae0b7f8519fed5f9&version=6&preview=false” because it is loaded in the third-party context and dynamic state partitioning is enabled.

A resource is blocked by OpaqueResponseBlocking, please check browser console for details. 4 csp-report
Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).

型

reactjs

来源：https://stackoverflow.com/questions/77744029/loadstripe-from-stripe-stripe-js-causes-a-csp-error-in-firefox-with-nextjs