From b6e65e7356648ca5c89b0d9e23edee1273b36974 Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Mon, 19 Dec 2022 14:53:46 +0100
Subject: [PATCH] PPv2: Fix CSP issue in 3D secure verification
---
 src/pretix/plugins/paypal2/signals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pretix/plugins/paypal2/signals.py b/src/pretix/plugins/paypal2/signals.py
index 5470f5dc8..ffa7abe4a 100644
--- a/src/pretix/plugins/paypal2/signals.py
+++ b/src/pretix/plugins/paypal2/signals.py
@@ -161,7 +161,7 @@ def signal_process_response(sender, request: HttpRequest, response: HttpResponse
 'frame-src': ['https:', "'nonce-{}'".format(_nonce(request))],
 'connect-src': ['https://www.paypal.com', 'https://www.sandbox.paypal.com'], # Or not - seems to only affect PayPal logging...
 'img-src': ['https://t.paypal.com'],
- 'style-src': ["'nonce-{}'".format(_nonce(request))]
+ 'style-src': ["'unsafe-inline'"] # PayPal does not comply with our nonce unfortunately, see Z#23113213
 }
 _merge_csp(h, csps)
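Review bot: The new `'style-src': ["'unsafe-inline'"]` entry replaces the per-request nonce with a blanket allowance, so every response that receives this policy stops blocking inline styles. The condition that selects those responses sits in the part of signal_process_response outside the hunk, so please confirm it is limited to the PayPal checkout and verification views. It is also worth checking what `_merge_csp(h, csps)` emits: under CSP Level 2 and later a browser ignores 'unsafe-inline' in a directive that also lists a nonce or hash source, so if the existing header still carries a style nonce from elsewhere this relaxation would silently have no effect. The trailing comment points only to an internal ticket; I would state the trade-off in place, e.g. `# PayPal's 3DS verification does not apply our nonce to its styles, so style-src falls back to 'unsafe-inline' on these pages (Z#23113213)`.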