I am trying to implement the Paypal unsubscribe button which can be found in this link https://developer.paypal.com/docs/paypal-payments-standard/integration-guide/html-example-subscribe/?mark=unsubsc#unsubscribe-button
But I get a CSP error (in the image attached) and It will not allow me to log into my paypal sandbox account.
Has anyone experienced this or have solved this problem? CSP Error Image
On
Update, I think whats happening is I'm trying to use the unsubscribe button and log in with a sandbox personal account, but I have just researched that the reason why I cant log in with this account is because the unsubscribe button might only function for live checkout flow meaning that it is only works for real accounts that want to subscribe. Please correct me if I'm wrong with this. But the question would then be how do I test the unsubscribe button in my dev environment?
PS I got this idea from one of the comments in this thread : paypal Some of your info isn't correct. Please try again
Console error you shown have nothing common with Paypal unsubscribe button. As seen from a little pieces of your CSP, Paypal's images is allowed
Since you have not shown the entire error text, it's possible only guess that site uses a facebook authorization and facebook's logo has been blocked in the
img-srcdirective.PS: It's better to add
target="_blank"attribute to "unsubscribe" button link:otherwise if you use "unsubscribe" button within iframe - on clicked you'll get next error: Load denied by X-Frame-Options: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Fautopay&state=%2F does not permit cross-origin framing.
Updated
Ok, I did reproduce this CSP error.
After click "Unsubscribe" btn you follow to paypal webpage, so it is Paypal's CSP error, but not your web page!. So you have nothing to do this this CSP error.
Console error:
Refused to load the image 'https://www.facebook.com/tr?id=1674696026155243&noscript=1&cd[FPTICookie]=cb3302411740a4cc08380a42fd7e4e22&ev=ViewContent' because it violates the following Content Security Policy directive: "img-src 'self' https://*.googleusercontent.com/ https://*.paypalobjects.com https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net https://*.paypal.com data:"appears in old Chrome v49/WinXP, the latest Chrome v85 has much more different CSP errors:
By the way, Paypal's CSP has a lot of bugs. Paypal uses third-party tracking-pixels but did not enable these in the CSP. Just wonder why such serious service do not watch the CSP violation reports.
I think you should address this matter to Paypal tech support, this is in their area of responsibility.