def signal_process_response(sender, request: HttpRequest,
response: HttpResponse, **kwargs):
if 'Content-Security-Policy' in response:
h = _parse_csp(response['Content-Security-Policy'])
else:
h = {}
sources = [
'frame-src', 'style-src', 'script-src', 'img-src', 'connect-src'
]
envs = ['test', 'live', 'live-au', 'live-us']
csps = {
src:
['https://checkoutshopper-{}.adyen.com'.format(env) for env in envs]
for src in sources
}
# Adyen unfortunatly applies styles through their script-src
# Also, the unsafe-inline needs to specified within single quotes!
csps['style-src'].append("'unsafe-inline'")
_merge_csp(h, csps)
if h:
response['Content-Security-Policy'] = _render_csp(h)
return response
def process_response(self, request, resp):
h = {
'script-src': [
# Whitelist siteimprove urls in CSP.
'https://siteimproveanalytics.com', 'https://*.siteimprove.com',
# Whitelist cookieinformation urls and inline scripts.
'https://*.cookieinformation.com', '\'unsafe-inline\'', '\'unsafe-eval\''
],
'connect-src': ['https://*.cookieinformation.com'],
'frame-src': ['https://*.cookieinformation.com'],
'img-src': [
'https://*.siteimprove.com',
# The cookie consent form loads an image.
'https://*.aarhus.dk'
],
# Siteimprove adds inline styling.
'style-src': ['\'unsafe-inline\''],
}
# Copied from super().process_response
if 'Content-Security-Policy' in resp:
_merge_csp(h, _parse_csp(resp['Content-Security-Policy']))
resp['Content-Security-Policy'] = _render_csp(h)
return super().process_response(request, resp)
def signal_process_response(sender, request: HttpRequest,
response: HttpResponse, **kwargs):
if 'Content-Security-Policy' in response:
h = _parse_csp(response['Content-Security-Policy'])
else:
h = {}
_merge_csp(h, {
'frame-src': ['https://map.closer2event.com'],
})
if h:
response['Content-Security-Policy'] = _render_csp(h)
return response
def signal_process_response(sender, request: HttpRequest,
response: HttpResponse, **kwargs):
provider = WirecardSettingsHolder(sender)
url = resolve(request.path_info)
if provider.settings.get(
'_enabled', as_type=bool) and ("checkout" in url.url_name
or "order.pay" in url.url_name):
if 'Content-Security-Policy' in response:
h = _parse_csp(response['Content-Security-Policy'])
else:
h = {}
_merge_csp(h, {
'form-action': ['checkout.wirecard.com'],
})
if h:
response['Content-Security-Policy'] = _render_csp(h)
return response
def signal_process_response(sender, request, response, **kwargs):
# TODO: enable js only when question is asked
# url = resolve(request.path_info)
h = {}
if 'Content-Security-Policy' in response:
h = _parse_csp(response['Content-Security-Policy'])
_merge_csp(
h,
{
'style-src': [
"'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='",
"'sha256-O+AX3tWIOimhuzg+lrMfltcdtWo7Mp2Y9qJUkE6ysWE='",
],
# Chrome correctly errors out without this CSP
'connect-src': [
"wss://bridge.walletconnect.org/",
],
'manifest-src': ["'self'"],
})
response['Content-Security-Policy'] = _render_csp(h)
return response
def signal_process_response(sender, request: HttpRequest,
response: HttpResponse, **kwargs):
from .payment import BraintreeCC
provider = BraintreeCC(sender)
url = resolve(request.path_info)
if provider.is_enabled and ("checkout" in url.url_name
or "order.pay" in url.url_name):
if 'Content-Security-Policy' in response:
h = _parse_csp(response['Content-Security-Policy'])
else:
h = {}
_merge_csp(
h, {
'script-src': [
'js.braintreegateway.com', 'assets.braintreegateway.com',
'www.paypalobjects.com'
],
'img-src': [
'assets.braintreegateway.com', 'checkout.paypal.com',
'data:'
],
'child-src': ['assets.braintreegateway.com', 'c.paypal.com'],
'frame-src': ['assets.braintreegateway.com', 'c.paypal.com'],
'connect-src': [
'api.sandbox.braintreegateway.com',
'api.braintreegateway.com',
'client-analytics.braintreegateway.com',
'client-analytics.sandbox.braintreegateway.com'
],
})
if h:
response['Content-Security-Policy'] = _render_csp(h)
return response
