CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-04 15:04:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Stripe: Optional support for Stripe checkout

Browse Source
This commit is contained in:
Raphael Michel
2016-09-09 10:20:30 +02:00
parent e0f0a3a87f
commit 84d264d626
7 changed files with 131 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/pretix/base/middleware.py
View File

@@ -155,10 +155,11 @@ class SecurityMiddleware:
resp['X-XSS-Protection'] = '1'
h = {
'default-src': "{static}",
'script-src': '{static} https://js.stripe.com',
'script-src': '{static} https://checkout.stripe.com https://js.stripe.com',
'object-src': "'none'",
'frame-src': '{static} https://js.stripe.com',
'frame-src': '{static} https://checkout.stripe.com https://js.stripe.com',
'style-src': "{static}",
'connect-src': "{dynamic} https://checkout.stripe.com",
'img-src': "{static} data: https://*.stripe.com",
# form-action is not only used to match on form actions, but also on URLs
# form-ations redirect to. In the context of e.g. payment providers or