add paypal to security headers

ThomasJanda · Apr 26, 2020 · 211da58 · 211da58
1 parent a7145bc
commit 211da58
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/Application/views/admin/de/security_lang.php b/Application/views/admin/de/security_lang.php
@@ -6,7 +6,7 @@
 
     'SHOP_MODULE_GROUP_rs-security_main' => 'Standard headers',
     'SHOP_MODULE_rs-security_Strict-Transport-Security' => 'Strict-Transport-Security (Default: max-age=63072000; includeSubDomains; preload)',
-    'SHOP_MODULE_rs-security_Content-Security-Policy' => "Content-Security-Policy (Default: default-src 'self' https: ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'self'; form-action 'self'; base-uri 'self';)",
+    'SHOP_MODULE_rs-security_Content-Security-Policy' => "Content-Security-Policy (Default: default-src 'self' https: ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://www.paypalobjects.com https://www.google-analytics.com; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'self'; form-action 'self'; base-uri 'self';)",
     'SHOP_MODULE_rs-security_X-Content-Type-Options' => 'X-Content-Type-Options (Default: nosniff)',
     'SHOP_MODULE_rs-security_X-Frame-Options' => 'X-Frame-Options (Default: SAMEORIGIN)',
     'SHOP_MODULE_rs-security_X-XSS-Protection' => 'X-XSS-Protection (Default: 1; mode=block)',

diff --git a/Application/views/admin/en/security_lang.php b/Application/views/admin/en/security_lang.php
@@ -6,7 +6,7 @@
 
     'SHOP_MODULE_GROUP_rs-security_main' => 'Standard headers',
     'SHOP_MODULE_rs-security_Strict-Transport-Security' => 'Strict-Transport-Security (Default: max-age=63072000; includeSubDomains; preload)',
-    'SHOP_MODULE_rs-security_Content-Security-Policy' => "Content-Security-Policy (Default: default-src 'self' https: ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'self'; form-action 'self'; base-uri 'self';)",
+    'SHOP_MODULE_rs-security_Content-Security-Policy' => "Content-Security-Policy (Default: default-src 'self' https: ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://www.paypalobjects.com https://www.google-analytics.com; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'self'; form-action 'self'; base-uri 'self';)",
     'SHOP_MODULE_rs-security_X-Content-Type-Options' => 'X-Content-Type-Options (Default: nosniff)',
     'SHOP_MODULE_rs-security_X-Frame-Options' => 'X-Frame-Options (Default: SAMEORIGIN)',
     'SHOP_MODULE_rs-security_X-XSS-Protection' => 'X-XSS-Protection (Default: 1; mode=block)',

diff --git a/metadata.php b/metadata.php
@@ -30,7 +30,7 @@
             'group' => 'rs-security_main',
             'name'  => 'rs-security_Content-Security-Policy',
             'type'  => 'str',
-            'value' => "default-src 'self' https: ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'self'; form-action 'self'; base-uri 'self';",
+            'value' => "default-src 'self' https: ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://www.paypalobjects.com https://www.google-analytics.com; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'self'; form-action 'self'; base-uri 'self';",
         ),
         array(
             'group' => 'rs-security_main',