Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ISSUE] CSP Error with inline script #797

Closed
simonmaass opened this issue Jul 16, 2024 · 2 comments
Closed

[ISSUE] CSP Error with inline script #797

simonmaass opened this issue Jul 16, 2024 · 2 comments
Assignees
@Frank-Magmodules
Labels
Fixed and planned for next release Fix will be included in the next release.

Comments

@simonmaass
Copy link

Describe the bug
Mollie Inline Script error due to Content Security Policy with inline script

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src

Used versions

  • Magento Version number(eg 2.3.5): 2.4.7-p1
  • Open source/Enterprise/B2b: OS
  • Mollie version number (Check configuration): 3.40.0

To Reproduce
Steps to reproduce the behavior:
1.)Create new Order
2.) Open Console

Expected behavior
A clear and concise description of what you expected to happen.

Actual behavior
A clear and concise description of what actually happens.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
The following script fails:

<script>
                                document.addEventListener('DOMContentLoaded', function() {
                                    const saveSelectedMethods = ()=>{
                                        // Save the selected payment methods to local storage
                                        var paymentMethods = document.getElementById('mollie_methods_paymentlink_methods');
                                        if (!paymentMethods) {
                                            return;
                                        }

                                        paymentMethods.addEventListener('change', function() {
                                            var selected = [];
                                            for (var i = 0; i < paymentMethods.options.length; i++) {
                                                if (paymentMethods.options[i].selected) {
                                                    selected.push(paymentMethods.options[i].value);
                                                }
                                            }
                                            localStorage.setItem('mollie_paymentlink_methods', JSON.stringify(selected));
                                        });
                                    }
                                    ;

                                    const setSelectedMethods = ()=>{
                                        var paymentMethods = document.getElementById('mollie_methods_paymentlink_methods');
                                        const selectedMethods = JSON.parse(localStorage.getItem('mollie_paymentlink_methods'));
                                        if (!selectedMethods || !paymentMethods) {
                                            return;
                                        }

                                        for (var i = 0; i < paymentMethods.options.length; i++) {
                                            if (selectedMethods.indexOf(paymentMethods.options[i].value) !== -1) {
                                                paymentMethods.options[i].selected = true;
                                            }
                                        }
                                    }
                                    ;

                                    saveSelectedMethods();
                                    setSelectedMethods();

                                    document.getElementById('order-billing_method').addEventListener('DOMSubtreeModified', ()=>{
                                        saveSelectedMethods();
                                        setSelectedMethods();
                                    }
                                    )
                                });
                            </script>
@Frank-Magmodules Frank-Magmodules self-assigned this Jul 16, 2024
@Frank-Magmodules Frank-Magmodules changed the title CSP Error with inline script [ISSUE] CSP Error with inline script Jul 16, 2024
@Frank-Magmodules Frank-Magmodules added the Investigating We are working on this issue together with the customer. label Jul 16, 2024
@Frank-Magmodules
Copy link
Collaborator

Same for this one, @simonmaass. Thanks for sharing this improvement. This will also be included in the upcoming release!

@Frank-Magmodules Frank-Magmodules added Fixed and planned for next release Fix will be included in the next release. and removed Investigating We are working on this issue together with the customer. labels Jul 23, 2024
michielgerritsen added a commit to michielgerritsen/mollie-magento2 that referenced this issue Aug 7, 2024
@michielgerritsen
Bugfix: Render script in secure tag mollie#797
e3c7f9c
@Marvin-Magmodules Marvin-Magmodules mentioned this issue Aug 15, 2024
Merged
@Frank-Magmodules
Copy link
Collaborator

Good evening @simonmaass , We’re happy to let you know that we’ve just launched version 2.40.1 of the plugin, which addresses the issue you described. Thank you for bringing this to our attention. I’m closing the issue now, but as always, feel free to reopen it if needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Frank-Magmodules Frank-Magmodules

Labels
Fixed and planned for next release Fix will be included in the next release.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Frank-Magmodules @simonmaass