add nonce to pricing-table.js

This commit is contained in:
Blake Erickson 2024-04-24 11:38:56 -06:00
parent d6c4ec21ae
commit 7fe7be7ef8
1 changed files with 9 additions and 3 deletions

View File

@ -21,11 +21,17 @@ register_svg_icon "far-credit-card" if respond_to?(:register_svg_icon)
register_html_builder("server:before-head-close") do |controller| register_html_builder("server:before-head-close") do |controller|
"<script src='https://js.stripe.com/v3/' nonce='#{controller.helpers.csp_nonce_placeholder}'></script>" "<script src='https://js.stripe.com/v3/' nonce='#{controller.helpers.csp_nonce_placeholder}'></script>"
end end
register_html_builder("server:before-head-close") do register_html_builder("server:before-head-close") do |controller|
'<script async src="https://js.stripe.com/v3/pricing-table.js"></script>' "<script async src='https://js.stripe.com/v3/pricing-table.js' nonce='#{controller.helpers.csp_nonce_placeholder}'></script>"
end end
extend_content_security_policy(script_src: %w[https://js.stripe.com/v3/ https://hooks.stripe.com https://js.stripe.com/v3/pricing-table.js]) extend_content_security_policy(
script_src: %w[
https://js.stripe.com/v3/
https://hooks.stripe.com
https://js.stripe.com/v3/pricing-table.js
],
)
add_admin_route "discourse_subscriptions.admin_navigation", "discourse-subscriptions.plans" add_admin_route "discourse_subscriptions.admin_navigation", "discourse-subscriptions.plans"