[ECP-9530] Update CSP domain allow list (#2785)

* [ECP-9530] Add Amazon Pay domains * [ECP-9530] Add Amazon Pay domains * [ECP-9530] Update CSP allowlist * [ECP-9530] Remove unsafe external resources --------- Co-authored-by: Can Demiralp <[email protected]>
Adyen · Oct 30, 2024 · eb96589 · eb96589
1 parent 79b2a53
commit eb96589
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/etc/csp_whitelist.xml b/etc/csp_whitelist.xml
@@ -5,30 +5,42 @@
             <values>
                 <value id="adyen" type="host">*.adyen.com</value>
                 <value id="googlepay" type="host">pay.google.com</value>
+                <value id="amazonpay" type="host">*.payments-amazon.com</value>
+                <value id="paypal" type="host">*.paypal.com</value>
+                <value id="ratepay" type="host">*.ratepay.com</value>
             </values>
         </policy>
         <policy id="frame-src">
             <values>
                 <value id="adyen" type="host">*.adyen.com</value>
                 <value id="googlepay" type="host">pay.google.com</value>
+                <value id="paypal" type="host">*.paypal.com</value>
             </values>
         </policy>
         <policy id="img-src">
             <values>
                 <value id="adyen" type="host">*.adyen.com</value>
                 <value id="googlepay" type="host">pay.google.com</value>
+                <value id="amazonpay" type="host">*.payments-amazon.com</value>
+                <value id="amazonpay-media" type="host">*.media-amazon.com</value>
+                <value id="paypal-objects" type="host">*.paypalobjects.com</value>
             </values>
         </policy>
         <policy id="connect-src">
             <values>
                 <value id="adyen" type="host">*.adyen.com</value>
-                <value id="googlepay" type="host">pay.google.com</value>
+                <value id="google-wc" type="host">*.google.com</value>
+                <value id="google" type="host">google.com</value>
+                <value id="amazonpay" type="host">payments-eu.amazon.com</value>
+                <value id="paypal" type="host">*.paypal.com</value>
             </values>
         </policy>
         <policy id="form-action">
             <values>
                 <value id="adyen" type="host">*.adyen.com</value>
                 <value id="googlepay" type="host">pay.google.com</value>
+                <value id="amazonpay-eu" type="host">payments-eu.amazon.com</value>
+                <value id="amazonpay-de" type="host">payments.amazon.de</value>
             </values>
         </policy>
     </policies>