Remove Stripe from Content-Security-Policy
header (#15891)
Teleport Cloud no longer handles payments via Stripe, so no need to whitelist Stripe in CSP for `script-src` and `frame-src`.
parent
a080039065
commit
d33444e411
|
@ -64,9 +64,6 @@ func SetIndexHTMLHeaders(h http.Header) {
|
|||
// Set content policy flags
|
||||
var cspValue = strings.Join([]string{
|
||||
"default-src 'self'",
|
||||
// cloud version uses stripe.com to update billing information
|
||||
"script-src 'self' https://js.stripe.com",
|
||||
"frame-src https://js.stripe.com",
|
||||
"frame-ancestors 'none'",
|
||||
// 'unsafe-inline' is required by CSS-in-JS to work
|
||||
"style-src 'self' 'unsafe-inline'",
|
||||
|
|
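Review bot: Dropping the `script-src` and `frame-src` entries from the `cspValue` list makes both directives fall back to `default-src 'self'`; the hunk counts (9 old lines, 6 new) suggest the three Stripe lines were deleted rather than rewritten. For scripts the effective policy is the same as before minus Stripe, but for frames it changes in kind: the old policy allowed only `https://js.stripe.com` in frames, whereas the fallback now permits same-origin frames. If the web UI embeds no frames, adding `"frame-src 'none'",` would keep that surface closed. Keeping `"script-src 'self'",` explicit would also prevent a later edit to `default-src` from silently widening script sources. The list and `SetIndexHTMLHeaders` continue past the end of the hunk, so a later entry may already cover this.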