I've got some security-related errors which cause Stripe elements not to display correctly. Some googling helped to understand that presumably web2py uses CSP (content security policy?) and some stripe resources need to be whitelisted somewhere (not sure if it's web2py-related or web server-related - I am using the default rocket server).
Any ideas on how to fix this up? Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController3:1 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController1:1 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController5:1 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController5:1 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController5:1 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController3:1 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController1:1 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController5:1 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController5:1 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController5:1 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController5:1 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". js.stripe.com/v3/controller-d87ddc0145c66826814f1428b5e7b170.html#apiKey=pk_test_SVBr0v0gb6RVYQKgghwtE5TJ&stripeJsId=58cb6bb9-873c-4ac9-8cae-a137e3b7f446&origin=http%3A%2F%2F127.0.0.1%3A8000&referrer=http%3A%2F%2F127.0.0.1%3A8000%2Fladore%2Fcart%2Fcredit_cards&controllerId=__privateStripeController5:1 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' https://q.stripe.com". -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/9a50e6a9-0314-4a3f-a465-e26630c12a25%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.