Static version of pay.js for PCI compliance #316
Labels
enhancement
New feature or request
Comments
|
Hi @Kevin-McCormick-eStar We are aware of the PCI v4 requirements. Will update this issue once we have more clarity... |
|
I want to escalate this. The new requirement - verifying the integrity of all scripts - is mandatory by the end of March. Can you @dmengelt give us an update on the process and potential solution? Other helpful measurements would be to publish a list of valid SRI hashes and versions or even a changelog of the |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Is your feature request related to a problem? Please describe.
PCI v4 mandates more stringent integrity checks on scripts being loaded into payment pages
Describe the solution you'd like
A static version of pay.js that can be either hosted locally, or on a cors enabled cdn allowing for SRI checks
Additional context
This was mentioned in this issue as a comment
The text was updated successfully, but these errors were encountered: