AcceptHosted Error: inline script violates Content Security Policy directive

When completing a 'Test' payment using the AcceptHosted API (and using the Iframes and Lightboxes style), the payment completes but the user is not redirected back to the calling site and there's a console error: Refused to execute inline script because it violates the following Content Security Policy directive

The form is being posted with inline script as per the instructions (https://developer.authorize.net/api/reference/features/acceptjs.html). Is this Authorize.NET's test site imposing the restriction? Should we be implementing this differently?

We're using version 1.9.6 of the AuthorizeNet.dll (because anything above that doesn't work when passing in the order parameter in the transactionRequestType).

Any ideas or guidance? I emailed support and they sent me here.

Full error is:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-UaUmkqZeZkGxzoDRrPTV0g==' blob: https://*.ads-twitter.com https://*.authorize.net https://*.bing.com https://*.ceros.com https://*.contentsquare.com https://*.contentsquare.net https://*.cookiereports.com https://*.doubleclick.net https://*.eloqua.com https://*.en25.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.idio.episerver.net https://*.licdn.com https://*.linkedin.com https://*.optimizely.com https://*.storygize.com https://*.twitter.com https://*.visa.com https://*.youtube.com https://api.company-target.com https://cdn-assets-prod.s3.amazonaws.com https://code.jquery.com https://company-target.com https://id.rlcdn.com https://optimizely.s3.amazonaws.com https://rlcdn.com https://s.company-target.com https://scripts.demandbase.com https://segments.company-target.com https://storygize.com https://tag-logger.demandbase.com https://tag.demandbase.com  https://testwebsite/Payment/RedirectHandler https://testwebsite/Payment/IFrameCommunicator". Either the 'unsafe-inline' keyword, a hash ('sha256-rQFcSQ+uPvBBS36Ebz2AA8DWF5LxdwuQKeLhxEfN+Ec='), or a nonce ('nonce-...') is required to enable inline execution.



mhatkinson
Member
1 REPLY 1

This error suggests that the payment processing system is rejecting the opaque data because it’s being used in a non-ECOM (e-commerce) market. Double-check that the transaction type aligns with the expected market settings, and ensure that the payment data is correctly formatted for ECOM transactions. If the issue persists, reaching out to the payment gateway support might help resolve it.

EhsaasRashan
New Member