From 01a679255c9852bdf3bf106f6b280bf67bbe862c Mon Sep 17 00:00:00 2001 From: Joseph Plukarski Date: Tue, 28 Nov 2023 14:34:33 -0600 Subject: [PATCH] Update Google Pay CSP Directives (#914) * Update Google Pay CSP Directives * Update Changelog * Add GooglePay CSP directive note --- CHANGELOG.md | 1 + jsdoc/Home.md | 3 +++ 2 files changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f837b641..af60b118 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ - Add `aria-hidden` attribute to generic card icon - Add `aria-required` attribute to Hosted Fields - Update browser-detection to v1.17.1 + - Update Google Pay CSP Directives - Updated Apple Pay logo to scale correctly ## 1.40.2 diff --git a/jsdoc/Home.md b/jsdoc/Home.md index 0a84ef75..de3f0984 100644 --- a/jsdoc/Home.md +++ b/jsdoc/Home.md @@ -164,9 +164,12 @@ If using [Google Pay](module-braintree-web-drop-in.html#~googlePayCreateOptions) |-------------|-----------------|-----------------| | script-src | pay.google.com | pay.google.com | | style-src | 'unsafe-inline' | 'unsafe-inline' | +| connect-src | pay.google.com
https://google.com/pay
https://pay.google.com
https://pay.google.com/about/redirect/ | pay.google.com
https://google.com/pay
https://pay.google.com
https://pay.google.com/about/redirect/ | The `style-src` directive is required so that the styles for the Google Pay button can be generated by the Google Pay SDK. You may omit this directive, so long as you include style rules for the Google Pay button to satisfy [Google's brand guidelines](https://developers.google.com/pay/api/web/guides/brand-guidelines#payment-buttons). +If Google adds redirects or changes URLs related to the Google Pay component, the domains or URLs in these directives may change. + ### 3D Secure Specific Directives If using [3D Secure](module-braintree-web-drop-in.html#~threeDSecureOptions), include these additional directives:
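Review bot: In CHANGELOG.md, the new entry `Update Google Pay CSP Directives` does not say which directive changed. The jsdoc/Home.md part of this patch adds a `connect-src` row to the Google Pay table, so integrators who already enforce a Content Security Policy have to extend their own policy after upgrading. Suggest naming the directive in the entry, for example "Add `connect-src` to the documented Google Pay CSP directives", so the required policy change is visible from the changelog alone.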
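Review bot: In the new `connect-src` row of the Google Pay table in jsdoc/Home.md, the four sources overlap and one is narrower than it looks. The host-source `pay.google.com` already allows every path on that host, so `https://pay.google.com` and `https://pay.google.com/about/redirect/` add nothing beside it. `https://google.com/pay` has no trailing slash, so under CSP path matching it allows only the exact path `/pay`, and `google.com` does not cover `www.google.com`. Suggest trimming the row to the sources that are actually required and stating whether `/pay` is meant as an exact path or as a prefix (`https://google.com/pay/`). The added sentence about Google changing redirects or URLs could also tell readers how they would notice the change, for instance by watching CSP violation reports for blocked `connect-src` requests.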