From efbfd5c2312ded41d882b5600d1f89c9a7be91cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ferdinand=20M=C3=BCtsch?=
Date: Fri, 13 Jan 2023 14:51:16 +0100
Subject: [PATCH] fix: adapt csp header for subscriptions [ci-skip]

---
 middlewares/security.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/middlewares/security.go b/middlewares/security.go
index 3727c57..bdbd5b8 100644
--- a/middlewares/security.go
+++ b/middlewares/security.go
@@ -6,7 +6,7 @@ import (
 
 var securityHeaders = map[string]string{
 "Cross-Origin-Opener-Policy": "same-origin",
- "Content-Security-Policy": "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; form-action 'self' *.stripe.com; block-all-mixed-content;",
+ "Content-Security-Policy": "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; form-action 'self' *.stripe.com; block-all-mixed-content;",
 "X-Frame-Options": "DENY",
 "X-Content-Type-Options": "nosniff",
 }
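Review bot: The new `form-action` source `*.stripe.com` is wider than a checkout flow usually needs, since it is scheme-less and allows form submissions to any Stripe subdomain. In browsers that enforce `form-action` on redirects, it also allows post-submit redirects to those hosts. The Stripe endpoints the app actually uses are not visible in this hunk; if they are only the hosted checkout and billing portal, listing them explicitly keeps the allow-list tight, e.g. `form-action 'self' https://checkout.stripe.com https://billing.stripe.com;`. Because `securityHeaders` is a fixed package-level map, the Stripe entry presumably also goes out on instances with subscriptions disabled. A short comment above the entry would record why it is there, such as `// Stripe hosts in form-action: subscription checkout redirects after a form POST`.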