From 9e95f3be1be4de39742967ced4be2099ad443cfc Mon Sep 17 00:00:00 2001
From: Raphael Michel <michel@rami.io>
Date: Fri, 28 Jul 2023 16:49:11 +0200
Subject: [PATCH] Wallet detection: Extend CSP header for google pay

---
 src/pretix/base/middleware.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/pretix/base/middleware.py b/src/pretix/base/middleware.py
index 80eaa2951f..7338a818a7 100644
--- a/src/pretix/base/middleware.py
+++ b/src/pretix/base/middleware.py
@@ -271,6 +271,8 @@ class SecurityMiddleware(MiddlewareMixin):
                 (url.url_name == "event.checkout" and url.kwargs['step'] == "payment")
         ):
             h['script-src'].append('https://pay.google.com')
+            h['frame-src'].append('https://pay.google.com')
+            h['connect-src'].append('https://google.com/pay')
         if settings.LOG_CSP:
             h['report-uri'] = ["/csp_report/"]
         if 'Content-Security-Policy' in resp: