It looks like Stripe.js is not being loaded from https://js.stripe.com. Stripe does not support serving Stripe.js from your own domain. mrgalaxy_stripe.js: 35

[stephentcannon]

Error in console after upgrading package to latest.

Was working prior.

[chadokruse]

Just noticed this myself after upgrading a few minutes ago. The good news is it looks harmless:
https://botbot.me/freenode/stripe/2015-01-15/?page=1

As you probably are aware, this package downloads a direct copy of Stripe.js (https://js.stripe.com/v2/)...which apparently now conflicts with Stripe requirements. I recall seeing another Meteor package that just wrapped Stripe for Node.js, pulling the others from Stripe's servers. That's the path I'll likely go down, but interested in your thoughts @tyler-johnson.

[tyler-johnson]

Yes, I did notice a stripe.com reference when I was upgrading it yesterday. I wondered if they were now whitelisting which domains it works with. I guess since it only console.warn the message it is not actually stopping you from using it, however it is still annoying.

I will look into a workaround, possibly by going to Stripe directly. I'll have to check on how Meteor suggests doing that. In the meantime are there any other suggestions on how to fix this?

[chadokruse]

In the past I've used two different approaches, both with their pros and cons (there may be newer, less hacky approaches but I haven't looked in awhile).

1. Wait-on-Lib package - requires iron-router
2. Insert the script using the rendered callback - feels hacky. I do this to load Coinbase's button.js:

Template.altPaymentsCoinbase.rendered = function() {
  //Define where to insert the script
  var insertID = document.getElementById('js-coinbase');
  //Define the script itself
  var script = document.createElement('script');
  script.type = 'text/javascript';
  script.async = true; //Unsure if this is supported
  script.src = 'https://coinbase.com/assets/button.js';
  //Generate the script
  insertID.appendChild(script);
};

[tyler-johnson]

What about something like this answer on SO? http://stackoverflow.com/a/17506335

It seems simple enough to include an HTML file which references the Stripe script on their servers.

[chadokruse]

You know, that's definitely the simplest approach. The main value of this package imho (thank you btw!) is having Stripe for Node.js wrapped in a Meteor package. If the user doesn't mind having the Stripe scripts downloaded on all pages/routes, they can just include in head per the SO approach. If they want to limit it to specific pages/routes (my use case), they can use any one of the alternatives.

I may have time for a PR later this week to add the per-page options if you'd find it useful.

[choyweston]

+1 Thanks for looking into this. Does the NPM package have the same error?

[guilhermedecampo]

1+ =)

[tyler-johnson]

Okay this has been fixed with 26064fd. I considered this to be a "breaking change" so I've bumped the version to 2.0.0. Please let me know if anything is broken. :)

Thanks everyone!

[choyweston]

Awesome! Thanks!

[flean]

@tyler-johnson I'm still getting the error, besides updating do I have to do anything else?

[tyler-johnson]

You shouldn't need to. I recommend looking at the HTML source returned from the server. It should have a <script type="text/javascript" src="//js.stripe.com/v2/"></script> at the bottom of <head>.

Otherwise you might be loading off an old version? Or perhaps another package is doing something with the content?

[flean]

@tyler-johnson I did find that but the warning is still there, what I'm noticing is that it appears after <meta name="fragment" content="!"> not sure if that causes an issue. I use manuelschoebel:ms-seo for meta tags.

[dan335]

I'm still seeing the error after upgrading to 2.0.0. <script type="text/javascript" src="//js.stripe.com/v2/"></script> is in the

[molleman]

I'm still seeing the error also and i just installed

[flean]

@tyler-johnson Any news on this issue? I see that I'm not the only one. Thanks

[tyler-johnson]

No news yet, but I'm going to reopen while I investigate.

[dearlordylord]

To clarify things: I have <script type="text/javascript" src="//js.stripe.com/v2/"></script> in but this message still appear.

[justindra]

Hi,

I'm still getting the warning and also now receiving this error:

Uncaught ReferenceError: Stripe is not defined

And I do have the script loaded in the html

<script type="text/javascript" src="//js.stripe.com/v2/"></script>

[tyler-johnson]

Alright just pushed version 2.1.0. Please try to update and see if you are still having issues.

I'm still getting the error

Okay, so it seems that Stripe.js wants to be loaded directly from https not from http. So when trying to load the insecure version, Stripe sends a redirect, but that tricked the script into thinking it wasn't loaded there. Sort of odd, but I fixed it by forcing the https version in the script tag.

also now receiving this error:
Uncaught ReferenceError: Stripe is not defined

Stripe.js is now loaded after all other Meteor scripts, which means it isn't available immediately anymore. Instead, you'll have to wait till after the app has started before using the variable. I modified the Usage section in the read me to detail this.

Also, to keep everything consistent, I have moved Stripe Checkout to script tag in the <head> like Stripe.js. This means that it isn't available till startup either.

[justindra]

That worked awesomely! Thanks!

[lferro9000]

The error also happens with v3 when you don't pass the public token as instructed.

(for future reference)