We're using "Embedded Payments" from the "Adaptive Payments Guide" - https://www.x.com/community/ppx/documentation?view=overview At a minimum we need to whitelist js, iframes, and images. Probably other stuff too.
Assignee: nobody → clouserw
Target Milestone: 4.x (triaged) → 6.0.5
We've got some already, just need to make sure right url sandbox vs production. https://addons.allizom.org/z/en-US/admin/settings#csp_frame_src
I saw the constants, but that means we need to parse out the domain which is ugly. My current patch just puts the domains in directly.
I added the script src. I was dragging my feet on the frame-src because it would have to be paypal.com, www.paypal.com, and ic.paypal.com because of all the crazy redirects. Since the redirects were brought up in bug 643511, I was hoping that would solve our issue without the extra white listing.
Target Milestone: Q2 2011 → Q3 2011
Going to call this fixed. We'll add anything new that shows up when we push, but on -dev everything is sync'd up and looks fine.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.