Add paypal to CSP rules

RESOLVED FIXED in Q3 2011

Status

RESOLVED FIXED
8 years ago
3 years ago

People

(Reporter: clouserw, Assigned: clouserw)

Tracking

unspecified
Q3 2011

Details

(Whiteboard: [paypal])

(Assignee)

Description

8 years ago
We're using "Embedded Payments" from the "Adaptive Payments Guide" - https://www.x.com/community/ppx/documentation?view=overview

At a minimum we need to whitelist js, iframes, and images.  Probably other stuff too.
(Assignee)

Updated

8 years ago
Assignee: nobody → clouserw
Target Milestone: 4.x (triaged) → 6.0.5

Comment 1

8 years ago
We've got some already, just need to make sure right url sandbox vs production.

https://addons.allizom.org/z/en-US/admin/settings#csp_frame_src
(Assignee)

Comment 2

8 years ago
I saw the constants, but that means we need to parse out the domain which is ugly.  My current patch just puts the domains in directly.

Comment 3

8 years ago
Sounds good.
(Assignee)

Updated

8 years ago
Target Milestone: 6.0.5 → Q2 2011
(Assignee)

Comment 4

8 years ago
I added the script src.  I was dragging my feet on the frame-src because it would have to be paypal.com, www.paypal.com, and ic.paypal.com because of all the crazy redirects.  Since the redirects were brought up in bug 643511, I was hoping that would solve our issue without the extra white listing.
(Assignee)

Updated

8 years ago
Blocks: 594584
(Assignee)

Updated

8 years ago
Whiteboard: [paypal]
Target Milestone: Q2 2011 → Q3 2011
(Assignee)

Comment 5

7 years ago
Going to call this fixed.  We'll add anything new that shows up when we push, but on -dev everything is sync'd up and looks fine.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.