Skip to content

Commit 63effa2

Browse files
author
AutoVenv Developer
committed
fix(csp): allow unsafe-inline for script-src to resolve Stripe.js conflicts
1 parent 6d2f689 commit 63effa2

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

src/middleware.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ const SECURITY_HEADERS: Record<string, string> = {
2323
const CSP = [
2424
"default-src 'self'",
2525
"connect-src 'self' https://api.stripe.com https://*.stripe.com https://evalion.free.nf",
26-
"script-src 'self' https://js.stripe.com",
26+
"script-src 'self' https://js.stripe.com 'unsafe-inline'",
2727
"style-src 'self' 'unsafe-inline'",
2828
"img-src 'self' data: blob:",
2929
"frame-src https://js.stripe.com https://hooks.stripe.com",

0 commit comments

Comments
 (0)