Content Security Policy
Content Security Policy (CSP) is a security mechanism that helps prevent malicious content from being executed on a webpage by specifying trusted sources for scripts, styles, and other resources.
Walley iFrame​
The Walley iFrame is a secure way to collect sensitive payment information. In order to ensure the security of the iFrame, it is important to only allow content from trusted sources.
We strongly recommend that CSP is used to restrict the sources of content that can be loaded. The following domains are used by Walley and should be allowed in your CSP depending on enviroment.
The domain lists below is subject to change. To stay up to date, please subscribe for updates in the Merchant Hub.
Production​
| URL | Description |
|---|---|
| https://*.walleypay.com | Main domain that Walley Pay uses |
| https://*.checkout.walleypay.com | Main domain that Walley Pay uses |
| https://*.paymentiq.io | Needed for card payments |
| https://*.cdn-apple.com | Needed for Apple Pay payments |
| https://*.ingrid.com | Needed if Ingrid delievery adapter is used |
Test​
| URL | Description |
|---|---|
| https://*.uat.walleydev.com | Main domain that Walley Pay uses |
| https://*.checkout.uat.walleydev.com | Main domain that Walley Pay uses |
| https://*.paymentiq.io | Needed for card payments |
| https://*.cdn-apple.com | Needed for Apple Pay payments |
| https://*.ingrid.com | Needed if Ingrid delievery adapter is used |
If you are using the deprecated 'collector.se' URL for iframe loader please update. See Endpoints for more information.