I have a stripe elements integration on my project. I use sapper on front end and ruby on the backend.
I followed the tutorial to setup the server to generate payment intent using stripe private key and front end to show stripe embeddable UI using stripe publish key, everything works fine the only problem is as follows.
Once a payment is done using test card details I get the following error
Refused to load the image 'https://hooks.stripe.com/img/favicon.png' because it violates the following Content Security Policy directive: "img-src data: https://q.stripe.com".
The issue that you describe is related to the CSP and how it is configured for your project. Stripe has documentation related to the CSP describing all the required directives https://stripe.com/docs/security/guide#content-security-policy. It requires
img-srcdirective to allow loading of the content fromhttps://*.stripe.comwhile your current directive permits onlydata:andhttps://q.stripe.com. Extending your current directive with the requirements from Stripe should solve the issue.