CSP for Apple Pay on the Web: What to Allow and Why

Apple Pay on the web is one of those integrations that looks simple in the demo and gets messy the moment you put a real CSP in front of it. If your checkout already runs a strict policy, Apple Pay usually breaks in one of three places: the Apple Pay JavaScript bootstrap, the merchant validation request flow, or embedded payment UI or gateway-owned frames. The hard part is that “Apple Pay support” does not mean one fixed CSP. Your policy depends on how you integrate it: ...

April 24, 2026 · 7 min · headertest.com

CSP for Adyen Payment Integration

Adyen is one of those integrations where CSP gets real fast. A normal marketing site can get away with a basic policy and a couple of allowlists. Payments are different. You’re loading third-party scripts, embedding frames, sending XHR requests to payment endpoints, and sometimes dealing with redirects or 3D Secure flows. If your CSP is too strict, checkout breaks. Too loose, and you’ve basically given up the point of having CSP. ...

April 10, 2026 · 6 min · headertest.com