From 3c1be038b5b905b897d527f9a0a9beb54e73c77c Mon Sep 17 00:00:00 2001 From: tsigno Date: Tue, 5 May 2026 19:01:39 +0200 Subject: [PATCH 1/4] document apple pay CSP policy --- .../docs/online-payments/checkouts/card-widget.mdx | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/content/docs/online-payments/checkouts/card-widget.mdx b/src/content/docs/online-payments/checkouts/card-widget.mdx index f4cf0cb4..399bb3b1 100644 --- a/src/content/docs/online-payments/checkouts/card-widget.mdx +++ b/src/content/docs/online-payments/checkouts/card-widget.mdx @@ -190,6 +190,15 @@ In order to properly render the card widget with CSP in place, you must whitelis Additionally, `nonce` is required to make inline styles work on your host page. For more information view [the CSP docs](https://content-security-policy.com/nonce/). +To allow Apple Pay functionality on third party browsers, make sure to allow Apple Pay SDK domain in your CSP: + +``` +default-src 'self' applepay.cdn-apple.com ...; script-src 'self' applepay.cdn-apple.com ... +``` + +This is an optional feature, not including these policies will simply prevent Apple Pay from extended availability on unsupported browsers. Note that this feature is only available on the Swift Checkout SDK. + + Example implementation with `nonce`: ```js From 80bc37eefc0d98e68b8f5c04f97b23dfcf81bc57 Mon Sep 17 00:00:00 2001 From: tsigno Date: Thu, 7 May 2026 10:15:06 +0200 Subject: [PATCH 2/4] fix linting --- src/content/docs/online-payments/checkouts/card-widget.mdx | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/content/docs/online-payments/checkouts/card-widget.mdx b/src/content/docs/online-payments/checkouts/card-widget.mdx index 399bb3b1..236b7a26 100644 --- a/src/content/docs/online-payments/checkouts/card-widget.mdx +++ b/src/content/docs/online-payments/checkouts/card-widget.mdx 
@@ -192,13 +192,12 @@ Additionally, `nonce` is required to make inline styles work on your host page. To allow Apple Pay functionality on third party browsers, make sure to allow Apple Pay SDK domain in your CSP: -``` +```text default-src 'self' applepay.cdn-apple.com ...; script-src 'self' applepay.cdn-apple.com ... ``` This is an optional feature, not including these policies will simply prevent Apple Pay from extended availability on unsupported browsers. Note that this feature is only available on the Swift Checkout SDK. - Example implementation with `nonce`: ```js From 79f2fe7fc233152ff83265220677dc123aedb7b6 Mon Sep 17 00:00:00 2001 From: tsigno Date: Thu, 7 May 2026 10:55:10 +0200 Subject: [PATCH 3/4] move apple pay CSP docs to own subsection --- .../online-payments/checkouts/card-widget.mdx | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/content/docs/online-payments/checkouts/card-widget.mdx b/src/content/docs/online-payments/checkouts/card-widget.mdx index 236b7a26..f9cd7937 100644 --- a/src/content/docs/online-payments/checkouts/card-widget.mdx +++ b/src/content/docs/online-payments/checkouts/card-widget.mdx @@ -190,14 +190,6 @@ In order to properly render the card widget with CSP in place, you must whitelis Additionally, `nonce` is required to make inline styles work on your host page. For more information view [the CSP docs](https://content-security-policy.com/nonce/). -To allow Apple Pay functionality on third party browsers, make sure to allow Apple Pay SDK domain in your CSP: - -```text -default-src 'self' applepay.cdn-apple.com ...; script-src 'self' applepay.cdn-apple.com ... -``` - -This is an optional feature, not including these policies will simply prevent Apple Pay from extended availability on unsupported browsers. Note that this feature is only available on the Swift Checkout SDK. - Example implementation with `nonce`: ```js 
@@ -270,3 +262,13 @@ server.listen(port, () => { ``` If you continue to experience issues with rendering the Payment Widget, reach out to our support through this [contact form](/contact). + +### Apple Pay specific policies + +To allow Apple Pay functionality on third party browsers, make sure to allow Apple Pay SDK domain in your CSP: + +```text +default-src 'self' applepay.cdn-apple.com ...; script-src 'self' applepay.cdn-apple.com ... +``` + +This is an optional feature, not including these policies will simply prevent Apple Pay from extended availability on unsupported browsers. Note that this feature is only available on the Swift Checkout SDK. From c975bfcd4f702d70dc550b5a7a4ff0cd24a8d9da Mon Sep 17 00:00:00 2001 From: tsigno Date: Thu, 7 May 2026 11:04:18 +0200 Subject: [PATCH 4/4] improve notification of support for Apple Pay policy --- src/content/docs/online-payments/checkouts/card-widget.mdx | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/content/docs/online-payments/checkouts/card-widget.mdx b/src/content/docs/online-payments/checkouts/card-widget.mdx index f9cd7937..8e8e9207 100644 --- a/src/content/docs/online-payments/checkouts/card-widget.mdx +++ b/src/content/docs/online-payments/checkouts/card-widget.mdx @@ -271,4 +271,8 @@ To allow Apple Pay functionality on third party browsers, make sure to allow App default-src 'self' applepay.cdn-apple.com ...; script-src 'self' applepay.cdn-apple.com ... ``` -This is an optional feature, not including these policies will simply prevent Apple Pay from extended availability on unsupported browsers. Note that this feature is only available on the Swift Checkout SDK. +This is an optional feature, not including these policies will simply prevent Apple Pay from extended availability on unsupported browsers. + +
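Review bot: in [PATCH 1/4], the added policy line lists `applepay.cdn-apple.com` under `default-src` as well as `script-src`, which is wider than loading an SDK script requires. `default-src` is the fallback for every fetch directive that is not set explicitly, so the host also becomes an allowed source for images, frames, connections and the rest. If the SDK only has to be loaded as a script, keep the host in `script-src` alone; if it needs other resource types, name those directives (for example `connect-src` or `frame-src`) instead of widening the default. Writing the source as `https://applepay.cdn-apple.com` would also make the scheme explicit regardless of how the host page is served. The same line is carried unchanged through [PATCH 3/4] and [PATCH 4/4], so the change applies to the final location of the block.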
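Review bot: in [PATCH 3/4], the new `### Apple Pay specific policies` subsection is appended after the "If you continue to experience issues with rendering the Payment Widget" paragraph, so the support pointer that used to close the CSP section now sits in the middle of it. Move the subsection above that paragraph so the contact link stays last. While the text is being moved, the intro sentence is missing an article and a hyphen: "allow the Apple Pay SDK domain" and "third-party browsers".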
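Review bot: in [PATCH 4/4], the hunk deletes "Note that this feature is only available on the Swift Checkout SDK." and the added lines visible here do not restate it, although the subject line says the support notice is being improved. Whatever replaces the sentence should still say which SDK the policy applies to. The sentence that is kept is a comma splice, and its "unsupported browsers" does not match the "third party browsers" wording of the intro above the code block; splitting it in two and using one term for both would make it clear which browsers are meant.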