Problem statement

I’m integrating Calendly’s scheduling widget into my website using the official embed script (<script src="https://assets.calendly.com/assets/external/widget.js"></script>).

When Calendly’s script injects its <iframe> into the DOM, it does not include an allow attribute that permits use of the Payment Request API.

As a result, browsers log the following console warning:

[Violation] Permissions policy violation: payment is not allowed in this document.

and payment methods like Apple Pay and Google Pay do not work inside the embedded Calendly iframe, even when Stripe is connected.

Proposed solution

To fix this, the iframe generated by your embed script should include an attribute like:

<iframe ... allow="payment *; publickey-credentials-get *;"></iframe>

This explicitly enables the Payment Request API (needed for Apple Pay and Google Pay) and WebAuthn within the embed, without relaxing any other permissions.

Would it be possible for your team to update the embed script so that the iframe includes this allow attribute? It would allow users to complete payments via Apple Pay / Google Pay directly in the embedded scheduling flow, without needing to open Calendly in a new tab.

Thank you for your time — this small change would significantly improve the integration experience for developers using Calendly + Stripe.

Best regards.