fix csp on strip checkout page
parent
a9403f93f8
commit
39e65f16eb
|
@ -103,7 +103,7 @@ trait AssetHelper { self: I18nHelper =>
|
||||||
|
|
||||||
def defaultCsp(implicit ctx: Context): ContentSecurityPolicy = {
|
def defaultCsp(implicit ctx: Context): ContentSecurityPolicy = {
|
||||||
implicit val req = ctx.req
|
implicit val req = ctx.req
|
||||||
basicCsp.withScriptSrc(ctx.nonce.scriptSrc)
|
basicCsp.withNonce(ctx.nonce)
|
||||||
}
|
}
|
||||||
|
|
||||||
def embedJsUnsafe(js: String)(implicit ctx: Context): Html = Html {
|
def embedJsUnsafe(js: String)(implicit ctx: Context): Html = Html {
|
||||||
|
|
|
@ -15,7 +15,7 @@ atom: Option[Html] = None,
|
||||||
chessground: Boolean = true,
|
chessground: Boolean = true,
|
||||||
zoomable: Boolean = false,
|
zoomable: Boolean = false,
|
||||||
asyncJs: Boolean = false,
|
asyncJs: Boolean = false,
|
||||||
csp: Option[String] = None)(body: Html)(implicit ctx: Context)
|
csp: Option[lila.common.ContentSecurityPolicy] = None)(body: Html)(implicit ctx: Context)
|
||||||
<!doctype html>
|
<!doctype html>
|
||||||
<html lang="@lang.language">
|
<html lang="@lang.language">
|
||||||
<!-- Lichess is open source! See https://github.com/ornicar/lila -->
|
<!-- Lichess is open source! See https://github.com/ornicar/lila -->
|
||||||
|
|
|
@ -29,7 +29,8 @@ moreJs = moreJs,
|
||||||
openGraph = lila.app.ui.OpenGraph(
|
openGraph = lila.app.ui.OpenGraph(
|
||||||
title = title,
|
title = title,
|
||||||
url = s"$netBaseUrl${routes.Plan.index.url}",
|
url = s"$netBaseUrl${routes.Plan.index.url}",
|
||||||
description = "Free chess for everyone, forever!").some) {
|
description = "Free chess for everyone, forever!").some,
|
||||||
|
csp = defaultCsp.withStripe.some) {
|
||||||
<div class="content_box no_padding plan">
|
<div class="content_box no_padding plan">
|
||||||
@patron.ifTrue(ctx.me.??(_.isPatron)).map { p =>
|
@patron.ifTrue(ctx.me.??(_.isPatron)).map { p =>
|
||||||
<div class="banner one_time_active">
|
<div class="banner one_time_active">
|
||||||
|
|
|
@ -10,7 +10,15 @@ case class ContentSecurityPolicy(
|
||||||
scriptSrc: List[String]
|
scriptSrc: List[String]
|
||||||
) {
|
) {
|
||||||
|
|
||||||
def withScriptSrc(source: String) = copy(scriptSrc = source :: scriptSrc)
|
private def withScriptSrc(source: String) = copy(scriptSrc = source :: scriptSrc)
|
||||||
|
|
||||||
|
def withNonce(nonce: Nonce) = withScriptSrc(nonce.scriptSrc)
|
||||||
|
|
||||||
|
def withStripe = copy(
|
||||||
|
connectSrc = "https://*.stripe.com" :: connectSrc,
|
||||||
|
scriptSrc = "https://*.stripe.com" :: scriptSrc,
|
||||||
|
childSrc = "https://*.stripe.com" :: childSrc
|
||||||
|
)
|
||||||
|
|
||||||
override def toString: String =
|
override def toString: String =
|
||||||
List(
|
List(
|
||||||
|
|
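Review bot: `withStripe` allows every `stripe.com` subdomain in `script-src`, `connect-src` and `child-src`, which is wider than a checkout page normally needs; in `script-src` the wildcard means a script served from any host under that domain may run on the payment page. Which hosts the page actually requests is not visible in this diff, but if it only loads Stripe's checkout script the entry could be narrowed to that host, e.g. `scriptSrc = "https://checkout.stripe.com" :: scriptSrc`, keeping the wildcard only for directives shown to need it. A short comment above `withStripe`, such as `// Only for pages that embed Stripe checkout; do not fold into defaultCsp`, would record that the relaxation is meant to stay page-scoped. The new public methods `withNonce` and `withStripe` would also read better with an explicit `: ContentSecurityPolicy` result type.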