Stripe apparently needs frame and image transport

2016-04-10 17:36:20 +02:00
parent 02fb27fa5d
commit 10e31bdf32
1 changed files with 2 additions and 2 deletions
--- a/src/pretix/base/middleware.py
+++ b/src/pretix/base/middleware.py
@@ -149,9 +149,9 @@ class SecurityMiddleware:
            'default-src': "{static}",
            'script-src': '{static} https://js.stripe.com',
            'object-src': "'none'",
-            'frame-src': "'none'",
+            'frame-src': '{static} https://js.stripe.com',
            'style-src': "{static}",
-            'img-src': "{static} data:",
+            'img-src': "{static} data: https://*.stripe.com",
            'form-action': "{dynamic}",
        }
        if 'Content-Security-Policy' in resp: