🚨
This guide is only relevant for the Web integration.
If your checkout page is using the Content-Security-Policy header, you'll need to add a few things to your allowlist.
| Policy | Origin | Notes |
|---|---|---|
script-src | *.primer.io | required |
frame-src | *.primer.io | required |
style-src | *.primer.io | required |
style-src | 'unsafe-inline' | required |
connect-src | *.primer.io | required |
frame-src | *.3dsecure.io | For 3DS |
frame-src | *.cardinalcommerce.com | For 3DS |
frame-src | *.paypal.com | For PayPal Payments |
connect-src | *.paypal.com | For PayPal Payments |
script-src | *.paypal.com | For PayPal Payments |
img-src | *.paypal.com | For PayPal Payments |
script-src | *.paypalobjects.com | For PayPal Payments |
img-src | *.paypalobjects.com | For PayPal Payments |