From 10e31bdf32a51b49d15cf434d60ace09e8872ad9 Mon Sep 17 00:00:00 2001
From: Raphael Michel <mail@raphaelmichel.de>
Date: Sun, 10 Apr 2016 17:36:20 +0200
Subject: [PATCH] Stripe apparently needs frame and image transport

---
 src/pretix/base/middleware.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pretix/base/middleware.py b/src/pretix/base/middleware.py
index 313ba60361..459d5e996c 100644
--- a/src/pretix/base/middleware.py
+++ b/src/pretix/base/middleware.py
@@ -149,9 +149,9 @@ class SecurityMiddleware:
             'default-src': "{static}",
             'script-src': '{static} https://js.stripe.com',
             'object-src': "'none'",
-            'frame-src': "'none'",
+            'frame-src': '{static} https://js.stripe.com',
             'style-src': "{static}",
-            'img-src': "{static} data:",
+            'img-src': "{static} data: https://*.stripe.com",
             'form-action': "{dynamic}",
         }
         if 'Content-Security-Policy' in resp: