CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

PPv2: Fix CSP issue in 3D secure verification

Browse Source
This commit is contained in:
Raphael Michel
2022-12-19 14:53:46 +01:00
parent 5d82305e18
commit b6e65e7356
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pretix/plugins/paypal2/signals.py
View File

@@ -161,7 +161,7 @@ def signal_process_response(sender, request: HttpRequest, response: HttpResponse
'frame-src': ['https:', "'nonce-{}'".format(_nonce(request))],
'connect-src': ['https://www.paypal.com', 'https://www.sandbox.paypal.com'], # Or not - seems to only affect PayPal logging...
'img-src': ['https://t.paypal.com'],
'style-src': ["'nonce-{}'".format(_nonce(request))]
'style-src': ["'unsafe-inline'"] # PayPal does not comply with our nonce unfortunately, see Z#23113213
}
_merge_csp(h, csps)