braintree-web icon indicating copy to clipboard operation
braintree-web copied to clipboard

Published 20 hours ago verified publisher icon braintree

SecurityError: An attempt was made to break through the security policy of the user agent.

Open felix-berlin opened this issue 7 months ago • 5 comments
trafficstars

Hello everyone,

we are using some of the local payment methods like for example iDEAL, Bancontact ect.

Right now it is not possible to successfully pay with one of those payment providers, braintree-web init as normal but when someone tries to pay for example with iDEAL the iFrame generated by braintree-web does fail with the following error: SecurityError An attempt was made to break through the security policy of the user agent..

The iFrame opens, but the only thing you see is an infinite loading spinner:

Image

This behavior occurs with version 3.117.1 and 3.118.0.

felix-berlin avatar Apr 16 '25 09:04 felix-berlin

I have the same problem. The error happens at least in Chrome, Safari and Firefox on macOS. All have the newest version. According to our error tracking older Chrome versions and browsers on Windows and Android are affected aswell.

kaiserkiwi avatar Apr 16 '25 10:04 kaiserkiwi

I'm facing the same issue.

Also in development environment like localhost I'm having cors errors

Image

vettndr avatar May 03 '25 15:05 vettndr

@kaiserkiwi @felix-berlin @ibooker hello guys, any updates?

vettndr avatar May 05 '25 09:05 vettndr

Hi @vettndr, not really 😔. We are in contact with the braintreee support, they are investigating directly on our staging env.

felix-berlin avatar May 05 '25 10:05 felix-berlin

We just fixed the error and were able to pin it down to our Vue 3 Update. We still were using Vue 2.7 with the Options API until April. The error was obvious only a week later so it was hard for us to know what exactly the reason was, as we deployed nothing related to it.

Anyways… The error was, that we saved our localPaymentInstance property in the data-Object from the Options API. This was no problem in Vue 2 as it was still just an object. But in Vue 3 objects in reactive properties are Proxy-Objects. And this is the reason for the security error. What we are sending to Braintree was a whole lot more complex than the object that was expected. Hence the security error.

So we converted the component to the Script Setup Composition API. The error persisted, as the localPaymentInstance was converted 1 to 1 as const localPaymentInstance = ref(null);. I changed the line to let localPaymentInstance = null; and it worked instantly.

It can be so easy sometimes. You just have to know the context. 😅

kaiserkiwi avatar Jun 23 '25 11:06 kaiserkiwi

Closing since this is an issue specific to Vue

jplukarski avatar Jul 21 '25 17:07 jplukarski