"Blocked autofocusing on a element in a cross-origin subframe" due to CSP headers

Problem Statement

You see "Blocked autofocusing on a element in a cross-origin subframe" in the Chrome console when opening the Chargebee portal. You want to configure Content Security Policy (CSP) headers correctly.

Solution

If your CSP headers include only Chargebee domains, payment gateway URLs (e.g., Cybersource) can be blocked. Add the gateway's CSP headers as well. See Content security policy for the Checkout page.

Chargebee CSP basics:

script-src: https://js.chargebee.com/v2/chargebee.js
frame-src: Include Chargebee and your payment gateway domains
script-src and style-src: Add the payment gateway's CSP policy in addition to .chargebee.com

Configuring Single Page checkout - Hosted pages V2

How do I remove autofill of address fields in Checkout or portal?

How can I add or remove ‘Go to App’ from the self-service portal?

What is the hosted pages/checkout pages of Chargebee?