OCC-233: Add StripeContentSecurityPolicyProvider (#425)

Co-authored-by: Zoltán Lehóczky <[email protected]>
OrchardCMS · Apr 16, 2024 · db85d6a · db85d6a
1 parent 63654f8
commit db85d6a
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/...dules/OrchardCore.Commerce.Payment.Stripe/Services/StripeContentSecurityPolicyProvider.cs b/...dules/OrchardCore.Commerce.Payment.Stripe/Services/StripeContentSecurityPolicyProvider.cs
@@ -0,0 +1,25 @@
+using Lombiq.HelpfulLibraries.AspNetCore.Security;
+using Microsoft.AspNetCore.Http;
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+using static Lombiq.HelpfulLibraries.AspNetCore.Security.ContentSecurityPolicyDirectives;
+
+namespace OrchardCore.Commerce.Payment.Stripe.Services;
+
+public class StripeContentSecurityPolicyProvider : IContentSecurityPolicyProvider
+{
+    public ValueTask UpdateAsync(IDictionary<string, string> securityPolicies, HttpContext context)
+    {
+        securityPolicies[ScriptSrc] = ContentSecurityPolicyProvider
+            .GetDirective(securityPolicies, ScriptSrc)
+            .MergeWordSets("https://js.stripe.com/");
+
+        securityPolicies[FrameSrc] = ContentSecurityPolicyProvider
+            .GetDirective(securityPolicies, FrameSrc)
+            .MergeWordSets("https://js.stripe.com/");
+
+        return ValueTask.CompletedTask;
+    }
+}
diff --git a/src/Modules/OrchardCore.Commerce.Payment.Stripe/Startup.cs b/src/Modules/OrchardCore.Commerce.Payment.Stripe/Startup.cs
@@ -38,5 +38,7 @@ public override void ConfigureServices(IServiceCollection services)
         services.AddScoped<IOrderContentTypeDefinitionExclusionProvider, StripeOrderContentTypeDefinitionExclusionProvider>();
 
         services.Configure<TemplateOptions>(option => option.MemberAccessStrategy.Register<StripePaymentProviderData>());
+
+        services.AddContentSecurityPolicyProvider<StripeContentSecurityPolicyProvider>();
     }
 }