fix csp on strip checkout page
parent
a9403f93f8
commit
39e65f16eb
|
@ -103,7 +103,7 @@ trait AssetHelper { self: I18nHelper =>
|
|||
|
||||
def defaultCsp(implicit ctx: Context): ContentSecurityPolicy = {
|
||||
implicit val req = ctx.req
|
||||
basicCsp.withScriptSrc(ctx.nonce.scriptSrc)
|
||||
basicCsp.withNonce(ctx.nonce)
|
||||
}
|
||||
|
||||
def embedJsUnsafe(js: String)(implicit ctx: Context): Html = Html {
|
||||
|
|
|
@ -15,7 +15,7 @@ atom: Option[Html] = None,
|
|||
chessground: Boolean = true,
|
||||
zoomable: Boolean = false,
|
||||
asyncJs: Boolean = false,
|
||||
csp: Option[String] = None)(body: Html)(implicit ctx: Context)
|
||||
csp: Option[lila.common.ContentSecurityPolicy] = None)(body: Html)(implicit ctx: Context)
|
||||
<!doctype html>
|
||||
<html lang="@lang.language">
|
||||
<!-- Lichess is open source! See https://github.com/ornicar/lila -->
|
||||
|
|
|
@ -29,7 +29,8 @@ moreJs = moreJs,
|
|||
openGraph = lila.app.ui.OpenGraph(
|
||||
title = title,
|
||||
url = s"$netBaseUrl${routes.Plan.index.url}",
|
||||
description = "Free chess for everyone, forever!").some) {
|
||||
description = "Free chess for everyone, forever!").some,
|
||||
csp = defaultCsp.withStripe.some) {
|
||||
<div class="content_box no_padding plan">
|
||||
@patron.ifTrue(ctx.me.??(_.isPatron)).map { p =>
|
||||
<div class="banner one_time_active">
|
||||
|
|
|
@ -10,7 +10,15 @@ case class ContentSecurityPolicy(
|
|||
scriptSrc: List[String]
|
||||
) {
|
||||
|
||||
def withScriptSrc(source: String) = copy(scriptSrc = source :: scriptSrc)
|
||||
private def withScriptSrc(source: String) = copy(scriptSrc = source :: scriptSrc)
|
||||
|
||||
def withNonce(nonce: Nonce) = withScriptSrc(nonce.scriptSrc)
|
||||
|
||||
def withStripe = copy(
|
||||
connectSrc = "https://*.stripe.com" :: connectSrc,
|
||||
scriptSrc = "https://*.stripe.com" :: scriptSrc,
|
||||
childSrc = "https://*.stripe.com" :: childSrc
|
||||
)
|
||||
|
||||
override def toString: String =
|
||||
List(
|
||||
|
|
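Review bot: `withStripe` adds the wildcard `https://*.stripe.com` to `scriptSrc`, `connectSrc` and `childSrc`, so the plan page (which passes `csp = defaultCsp.withStripe.some`) will accept script, connections and frames from any Stripe subdomain, not just the hosts the checkout integration loads. Which hosts the page needs is not visible here, but if it only pulls the Checkout script, a pinned entry such as `scriptSrc = "https://checkout.stripe.com" :: scriptSrc,` (and the same for the other two directives) keeps the relaxation as narrow as possible; whatever list is chosen should be checked against Stripe's published CSP guidance. The new public methods would also benefit from an explicit result type, e.g. `def withStripe: ContentSecurityPolicy = copy(`, and a one-line Scaladoc stating that this relaxes the policy for pages embedding Stripe only. The case class header and the `toString` body lie outside the hunk, so how `childSrc` is rendered into the header was not reviewed.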