Comments (21)
fred-stripe
commented on May 26, 2024
18
@jasondonnette Great question! I've seen several reports of this, and I've narrowed this down to a browser bug with Chrome on iOS, have a look:
The gist of it is that if there's an iframe on the page—as is the case with Stripe.js, Checkout, or Elements—Chrome iOS's autofill will attempt to read the iframe's contents in order to find more fields to fill in. However, Chrome iOS doesn't check the iframe's origin and so causes an error like "blocked a frame with origin (https://yourpage) from accessing a frame with origin (https://js.stripe.com)".
It looks like Chrome's development team is working on the issue and a fix will be released in Chrome iOS v61. Meanwhile, in my testing this doesn't prevent Elements or Stripe.js from working as expected. Only your error-tracking Javascript is seeing this error, and not your customers. You can safely ignore this error for now.
from react-stripe-elements.
jasondonnette
commented on May 26, 2024
3
I'm getting this error as well, just started seeing reports coming in through Sentry.io - four users affected, all with the same browser/os combo:
iOS Version: 10.3.1
Chrome Mobile iOS Version: 60.0.3112
I don't believe there is any code on the site trying to reach into the Stripe iframe, what would be the purpose of that? It is strange it's an isolated issue to that browser/os combo, but I am looking into it more.
@whatrocks did you figure anything out yet?
edit: I'm actually not using react-stripe-elements in my project – so it's likely a Stripe.js related issue.
from react-stripe-elements.
fred-stripe
commented on May 26, 2024
3
@jasondonnette CriOS/59.0.3071.102 is Chrome iOS' User Agent.
@whatrocks BaiduHD/5.4.0.0 is the embedded browser in Baidu I'm guessing? Since Chrome iOS is open source it's possible they adapted some of that code, or wrote similar autofill features.
Keep in mind in either case that while this error sounds dire, it doesn't prevent Stripe Elements from functioning—it's just the browser security model protecting the iframe contents from code running in the browser itself!
from react-stripe-elements.
whatrocks
commented on May 26, 2024
2
@fred-stripe I've now also seen this error for Safari on iOS via Sentry reports.
from react-stripe-elements.
whatrocks
commented on May 26, 2024
1
Okay, then maybe I'm not understanding your first comment, where you said "it looks like something on is trying to read from the js.strip.com iframe." Isn't that meant to happen, because I need to load Stripe.js? Thanks again @jenan-stripe and sorry if I'm not understanding your comment correctly.
from react-stripe-elements.
atty-stripe
commented on May 26, 2024
1
@EricFries yep, and it looks like the Chrome version in your UA string is 59; this was fixed in 61. You can safely ignore the errors, as they do not affect Elements in any way.
from react-stripe-elements.
ffxsam
commented on May 26, 2024
1
@atty-stripe Thanks for your comment! I came here due to this issue as well, and my customer is using Chrome 57. I figured it was maybe an older browser issue as no other user has caused this particular error to be thrown.
from react-stripe-elements.
jenan-stripe
commented on May 26, 2024
Hi @whatrocks! It looks like something on https://www.mycoolwebsite.com is trying to read from a js.stripe.com iframe. I haven't seen any issues on Chrome iOS. Do you have a reproducible example?
from react-stripe-elements.
whatrocks
commented on May 26, 2024
Thanks @jenan-stripe ! I'll try to set up a sample app with this issue.
This README says you need to add this script to your app: <script src="https://js.stripe.com/v3/"></script> - so I'm including that in the head of my initial HTML page. That's where the js.stripe.com iframe comes from. Is this still necessary - or is there a better way to do this?
from react-stripe-elements.
jenan-stripe
commented on May 26, 2024
@whatrocks Yes that's correct. Adding <script src="https://js.stripe.com/v3/"></script> loads Stripe.js, which is required to use react-stripe-elements.
from react-stripe-elements.
jenan-stripe
commented on May 26, 2024
@whatrocks Ah. So, Stripe.js adds iframes to your page. If you have code that tries to reach into those iframes, the browser will give you a cross-origin error that you are seeing.
See generic example here: https://jsfiddle.net/o2wus94f/
It sound like you have code on your site (either other third party code or your own) that is trying to reach into the Stripe iframes, and the browser is preventing that from working for security reasons.
Hope that helps!
from react-stripe-elements.
whatrocks
commented on May 26, 2024
Thanks @fred-stripe for the info. We're still intermittently experiencing the issue popping up in Sentry.io, as well, @jasondonnette . But as far as I can tell this hasn't impacted any users directly.
from react-stripe-elements.
fred-stripe
commented on May 26, 2024
Hi @whatrocks can you send the exact User Agent you're seeing? The Chrome iOS and Safari iOS agents are incredibly close, with just a CriOS/vvv string tacked on in the middle.
from react-stripe-elements.
jasondonnette
commented on May 26, 2024
@fred-stripe Mozilla/5.0 (iPad; CPU OS 11_0_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) CriOS/59.0.3071.102 Mobile/15A402 Safari/602.1
from react-stripe-elements.
whatrocks
commented on May 26, 2024
@fred-stripe Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) BaiduHD/5.4.0.0 Mobile/10A406 Safari/8536.25
from react-stripe-elements.
HansOspina
commented on May 26, 2024
Same issue here:
Blocked a frame with origin "https://www.site.com" from accessing a frame with origin "https://js.stripe.com". Protocols, domains, and ports must match.
from react-stripe-elements.
adamreisnz
commented on May 26, 2024
I'm also seeing this issue being reported through Sentry for Safari mobile running on iOS 11.1.2.
The user agent is Mobile Safari UIWebView 11.1.2.
Is it safe to ignore these errors? They appear not in the payment flow but when trying to load the script. Will the Stripe integration still work as expected?
Edit: @fred-stripe already answered that above! So I will put in place a filter to ignore these errors as there's nothing we can do about it it seems. It could very well be a 3rd party browser plugin that might be trying to access the frame.
from react-stripe-elements.
chemitaxis
commented on May 26, 2024
Same here...
from react-stripe-elements.
EricFries
commented on May 26, 2024
Still seeing this same issue with Chrome Mobile iOS.
from react-stripe-elements.
atty-stripe
commented on May 26, 2024
@chemitaxis @EricFries could you share the full user-agent string of the browsers? As noted above, this is either a browser trying to reach into the iframe for autofill, or a script on your page trying to do the same. This is in all likelihood not a Stripe.js bug.
from react-stripe-elements.
EricFries
commented on May 26, 2024
@atty-stripe thanks for the response. One of the Sentry errors has a reference to hasPasswordField_ so an autofill problem sounds about right.
Here is the user-agent:
Mozilla/5.0 (iPad; CPU OS 10_3_3 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) CriOS/59.0.3071.102 Mobile/14G60 Safari/602.1
from react-stripe-elements.
Related Issues (20)
- CardNumberElement Placeholder Not Working HOT 1
- CardCvcElement onComplete fires after three digits for AMEX card HOT 2
- docs: confirmCardPayment with split card elements needs a docs update HOT 1
- Payment Fields are not clickable in Samsung device HOT 2
- My Stripe promise with React never resolves even after trying a timeout HOT 1
- 3D Secure Test Payment Screen iFrame - Any way to preview or control width/height? HOT 1
- Not able to customize CSS of CardElement HOT 1
- Split Card Number Not Inserted with 1Password Autofill HOT 1
- Elements locale option not localizing HOT 5
- When click on stripe element its getting blur HOT 1
- About scan card feature in mobile device HOT 1
- PaymentRequestButton Does Not Load On Safari PWA HOT 1
- Stripe console message : parameter: betas is not a recognized parameter. HOT 2
- Connection Failure text in CardNumberElement HOT 3
- loadStripe does not seem to work
- styling CardElement HOT 1
- Add support for extra types of buttons for Apple Pay HOT 1
- Elements tag doesn't accept locale HOT 2
- Add a full stripe elements integration example HOT 1
- PaymentRequestButtonElement Integration Error with saved browser card HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from react-stripe-elements.