developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Who Me Too'd this topic

AcceptHosted Error: inline script violates Content Security Policy directive

When completing a 'Test' payment using the AcceptHosted API ( and using the Iframes and Lightboxes style), the payment completes but the user is not redirected back to the calling site and there's a console error: Refused to execute inline script because it violates the following Content Security Policy directive

The form is being posted with inline script as per the instructions ( https://developer.authorize.net/api/reference/features/acceptjs.html ). Is this Authorize.NET's test site imposing the restriction? Should we be implementing this differently?

We're using version 1.9.6 of the AuthorizeNet.dll (because anything above that doesn't work when pass in the order parameter in the transactionRequestType)

Any ideas or guidance? I emailed support and they sent me here.

Full error is:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-UaUmkqZeZkGxzoDRrPTV0g==' blob: https://*.ads-twitter.com https://*.authorize.net https://*.bing.com https://*.ceros.com https://*.contentsquare.com https://*.contentsquare.net https://*.cookiereports.com https://*.doubleclick.net https://*.eloqua.com https://*.en25.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.idio.episerver.net https://*.licdn.com https://*.linkedin.com https://*.optimizely.com https://*.storygize.com https://*.twitter.com https://*.visa.com https://*.youtube.com https://api.company-target.com https://cdn-assets-prod.s3.amazonaws.com https://code.jquery.com https://company-target.com https://id.rlcdn.com https://optimizely.s3.amazonaws.com https://rlcdn.com https://s.company-target.com https://scripts.demandbase.com https://segments.company-target.com https://storygize.com https://tag-logger.demandbase.com https://tag.demandbase.com  https://testwebsite/Payment/RedirectHandler https://testwebsite/Payment/IFrameCommunicator". Either the 'unsafe-inline' keyword, a hash ('sha256-rQFcSQ+uPvBBS36Ebz2AA8DWF5LxdwuQKeLhxEfN+Ec='), or a nonce ('nonce-...') is required to enable inline execution.



2 people had this problem.
mhatkinson
Member

‎01-27-2025 06:26 PM

Who Me Too'd this topic
Copyright © 2025 Khoros, LLC