CSP error with Paypal and credit card payments

Dear Cloudflare community,

I have an ecommerce created with Prestashop, after enabling the CDN when a customer tries to place an order using PayPal or credit card, the payment is processed but is subsequently not redirected to the order confirmation page, errors appear in the front end and the following errors in console:

Refused to send form data to ‘https://www.paypal.com/webapps/Optional[https://centinelapi.cardinalcommerce.com/V1/Cruise/Collect]’ because it violates the following Content Security Policy directive: “form-action ‘self’ https://.paypal.com https://.cardinalcommerce.com”.

Failed to load resource: the server responded with a status of 422 (Unprocessable Entity)

Uncaught TypeError: Cannot read property ‘getElementsByTagName’ of undefined
at onBodyLoad (creq:2646)
at setCookies (creq:2875)
at onload (creq:2933)

front.js?version=2.15.4:2 POST https://mysite.com/en/module/ps_checkout/validate 400

POST https://mysite.com/it/module/ps_checkout/validate 524

How can I fix these errors? Thanks in advance.

Cloudflare doesn’t add CSP headers - they are sent from your origin.

It’s best to check your origin directly to see what CSP headers are set:

curl -svo /dev/null --connect-to ::1.2.3.4 --ipv4 https://mysite.com/it/module/ps_checkout/validate

Replace the URL with your real URL and 1.2.3.4 with your origin server IP. This allows you to see the response headers (including any CSP header) without Cloudflare. It should illustrate that the CSP header is incorrect at the origin and you’ll need to fix it there, rather than in Cloudflare.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.