Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed #53

Description

@sweetcv

Hey guys, we're using your amazing service to process our payments but have faced a major issue when configuring our site's Content Security Policy (CSP).

The problem is basically straightforward: your code uses the JavaScript eval() and Function() methods and gets blocked by browsers unless we add 'unsafe-eval' to our CSP. The thing is that making this change would weaken our CSP and leave our service vulnerable to a range of dangerous DOM-based XSS vulnerabilities and attacks.

Here's a screenshot of the place in your code that uses these unsafe methods, and it would be great if you could have a look and fix this security issue. As far as we could see there are just two places in your code that do such things, and hopefully it won't be too much effort to adjust them.

[screenshot: fondy-unsafe-eval]

Thank you in advance for your assistance. We're eagerly awaiting your response. Please let us know if you need any further information.

PS: The comment regarding jQuery on the screenshot is now clear. It seems the file your script is loading returns a 404.
