From d8e96c16bb3be8598663adcb0d4e4f1234dfccc0 Mon Sep 17 00:00:00 2001
From: Martin Gross
Date: Wed, 1 Jun 2022 10:07:55 +0200
Subject: [PATCH] Add t.paypal.com to img-src CSP
---
 src/pretix/plugins/paypal2/signals.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/pretix/plugins/paypal2/signals.py b/src/pretix/plugins/paypal2/signals.py
index e561c3bca5..a35c458db9 100644
--- a/src/pretix/plugins/paypal2/signals.py
+++ b/src/pretix/plugins/paypal2/signals.py
@@ -149,6 +149,7 @@ def signal_process_response(sender, request: HttpRequest, response: HttpResponse
 'script-src': ['https://www.paypal.com', "'nonce-{}'".format(_nonce(request))],
 'frame-src': ['https://www.paypal.com', 'https://www.sandbox.paypal.com', "'nonce-{}'".format(_nonce(request))],
 'connect-src': ['https://www.paypal.com', 'https://www.sandbox.paypal.com'], # Or not - seems to only affect PayPal logging...
+ 'img-src': ['https://t.paypal.com'],
 'style-src': ["'nonce-{}'".format(_nonce(request))]
 }
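Review bot: The added `'img-src': ['https://t.paypal.com']` entry has no comment saying what loads from that host, while the `connect-src` line above it already records doubt about whether its own entries are needed. `t.paypal.com` looks like a PayPal tracking or telemetry host (inferred from the name, not shown here), so a short comment such as `# PayPal SDK requests an image from t.paypal.com; blocked by CSP otherwise` would tell a later reader whether the entry can be tightened or dropped. The neighbouring directives also list `https://www.sandbox.paypal.com`, so it is worth confirming whether sandbox mode needs a matching image host. signal_process_response starts and ends outside the hunk, so whether this dict is applied only to pages that render the PayPal button cannot be checked from here.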