Skip to content

Commit ccf9013

Browse files
DaverballDaverball
authored
Org: Fixes CSP for Stripe/Datatrans payments
TYPE: Bugfix LINK: OGC-2948
1 parent 111eac3 commit ccf9013

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

src/onegov/org/app.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -555,6 +555,10 @@ def get_theme() -> OrgTheme:
555555
def org_content_security_policy() -> ContentSecurityPolicy:
556556
policy = default_content_security_policy()
557557

558+
policy.script_src.add('https://checkout.stripe.com')
559+
policy.script_src.add('https://pay.datatrans.com')
560+
policy.script_src.add('https://pay.sandbox.datatrans.com')
561+
558562
policy.child_src.add(SELF)
559563
policy.child_src.add('https://*.youtube.com')
560564
policy.child_src.add('https://*.vimeo.com')

0 commit comments

Comments
 (0)