CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Add t.paypal.com to img-src CSP

Browse Source
This commit is contained in:
Martin Gross
2022-06-01 10:07:55 +02:00
parent e20c2c56f0
commit d8e96c16bb
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/pretix/plugins/paypal2/signals.py
View File

@@ -149,6 +149,7 @@ def signal_process_response(sender, request: HttpRequest, response: HttpResponse
'script-src': ['https://www.paypal.com', "'nonce-{}'".format(_nonce(request))],
'frame-src': ['https://www.paypal.com', 'https://www.sandbox.paypal.com', "'nonce-{}'".format(_nonce(request))],
'connect-src': ['https://www.paypal.com', 'https://www.sandbox.paypal.com'], # Or not - seems to only affect PayPal logging...
'img-src': ['https://t.paypal.com'],
'style-src': ["'nonce-{}'".format(_nonce(request))]
}