[Feature]: Serve a CORP header or allow users to proxy the Paddle CDN

[reknih]

Tell us about your feature request

The Paddle.js wrapper should a) either download the main Paddle.js script from a host that sends a Cross-Origin Resource Policy (CORP) header with the value cross-origin or it should b) allow the user to specify their own script URL in the initializePaddle call to proxy the script load from Paddle's CDN through their own origin, serving the appropriate security headers.

What problem are you looking to solve?

I am integrating Paddle Checkout on a page that requires Cross Origin Isolation to access Shared Array Buffers. Hence, my page serves the corresponding COOP and COEP headers.

The checkout page itself does not require access to features that need Cross Origin Isolation, but since it is a Single Page App, I would like to avoid reloading the page before checkout to serving less (!) security headers and load Paddle.js.

Additional context

No response

How important is this suggestion to you?

Important

[vijayasingam-paddle]

Hi @reknih,
Thank you for raising this feedback.
This is related to #22 and I am working towards finding the best solution. I will let you know once it is released.

Thank you.

[vijayasingam-paddle]

Hi @reknih,
Unfortunately, I have some bad news. I am afraid we won't be able to make our checkouts work with cross-origin isolation. Please refer to my comment on the other issue(#22) to know more.

I am going to close this issue as a duplicate. Please follow #22 to get notified when we get to fix this issue.

Sadly, there is very little we can do in this scenario.
Please reach out to us if you need any other help.

Thank you.