From 493fc03686ac024a5e0321e1c5603763e188f3f5 Mon Sep 17 00:00:00 2001
From: Richard Schreiber
Date: Tue, 9 Jul 2024 09:26:46 +0200
Subject: [PATCH] Fix PayPal CSP img-src
---
 src/pretix/plugins/paypal2/signals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pretix/plugins/paypal2/signals.py b/src/pretix/plugins/paypal2/signals.py
index a1d3ef3767..50ca242cf7 100644
--- a/src/pretix/plugins/paypal2/signals.py
+++ b/src/pretix/plugins/paypal2/signals.py
@@ -163,7 +163,7 @@ def signal_process_response(sender, request: HttpRequest, response: HttpResponse
 # 'frame-src': ['https://www.paypal.com', 'https://www.sandbox.paypal.com', "'nonce-{}'".format(_nonce(request))],
 'frame-src': ['https:', "'nonce-{}'".format(_nonce(request))],
 'connect-src': ['https://www.paypal.com', 'https://www.sandbox.paypal.com'], # Or not - seems to only affect PayPal logging...
- 'img-src': ['https://t.paypal.com'],
+ 'img-src': ['https://t.paypal.com', 'https://www.paypalobjects.com'],
 'style-src': ["'unsafe-inline'"] # PayPal does not comply with our nonce unfortunately, see Z#23113213
 }
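Review bot: The added `'https://www.paypalobjects.com'` source on the `img-src` line has no comment saying which PayPal resources load from it, while the neighbouring `connect-src` and `style-src` entries each record why they are there. A trailing comment along the lines of `# images requested by the PayPal SDK UI (presumably button/logo assets - confirm)` would let a later CSP tightening keep or drop the host deliberately instead of by trial and error. The hunk does not show which responses this dict is merged into, because signal_process_response starts and ends outside it. It is therefore worth confirming that these sources, together with the scheme-wide `'https:'` in `frame-src` and `'unsafe-inline'` in `style-src`, are applied only to pages that actually render the PayPal integration.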