Remove Stripe from Content-Security-Policy header (#15891)

Teleport Cloud no longer handles payments via Stripe, so no need to whitelist Stripe in CSP for `script-src` and `frame-src`.
Reed Loden 2022-09-13 15:59:23 -07:00 committed by GitHub
parent a080039065
commit d33444e411
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -64,9 +64,6 @@ func SetIndexHTMLHeaders(h http.Header) {
// Set content policy flags
var cspValue = strings.Join([]string{
"default-src 'self'",
// cloud version uses stripe.com to update billing information
"script-src 'self' https://js.stripe.com",
"frame-src https://js.stripe.com",
"frame-ancestors 'none'",
// 'unsafe-inline' is required by CSS-in-JS to work
"style-src 'self' 'unsafe-inline'",