Content security policy script src
https://cdn.razorpay.com
Add item…
content_security_policy_script_src: Value must be either 'unsafe-eval' or 'wasm-unsafe-eval', or in the form '<hash algorithm>-<base64 value>' where supported hash algorithms are sha256, sha384 or sha512. Ensure that your input is wrapped in single quotation marks.
Additional allowlisted script sources. The current host and CDN are included by default. See Mitigate XSS Attacks with Content Security Policy. (CSP). Other host sources are ignored as strict-dynamic is enabled.
Right, that’s the error with the setting configuration in the admin area… after adding your script, what you want to look for is an error in your browser console (right click the page where the script should be loaded, select inspect, then navigate to the “console” tag)
In the console you should see an error similar to this: