fix: adapt csp header for subscriptions [ci-skip]

2023-01-13 14:51:16 +01:00 · 2023-01-13 14:51:16 +01:00 · efbfd5c231
parent 91b89645ae
commit efbfd5c231
1 changed files with 1 additions and 1 deletions
--- a/middlewares/security.go
+++ b/middlewares/security.go
@ -6,7 +6,7 @@ import (

 var securityHeaders = map[string]string{
 	"Cross-Origin-Opener-Policy": "same-origin",
-	"Content-Security-Policy":    "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; form-action 'self'; block-all-mixed-content;",
+	"Content-Security-Policy":    "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; form-action 'self' *.stripe.com; block-all-mixed-content;",
 	"X-Frame-Options":            "DENY",
 	"X-Content-Type-Options":     "nosniff",
 }