In dev hub, I see a lot of CSP warnings about CSP WARN: Directive frame-src https://marketplace-dev.allizom.org:443 https://sandbox.paypal.com:443 violated by https://login.persona.org/communication_iframe We don't use PayPal anywhere. We should clean up CSP for marketplace so that we don't pollute with inaccurate CSP warnings.
we removed the PayPal JS include in bug 782366 but it requires the disable-payments flag. Hmm, we probably should just remove entirely, not based on the flag. Payments are not disabled on dev.
The error is confusing. Paypal was the only thing allowed and login.person.org violated the rule. I cleaned these all up recently.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.