Revert "[FIX] applepay_fast_checkout, payment_hyperpay: use local jquery to prevent CSP violation"

This reverts commit 33f97cdf9d.
2025-10-14 18:21:19 +03:00 · 2025-10-14 18:21:19 +03:00 · 04b6ad0654
parent d395815ad8
commit 04b6ad0654
2 changed files with 6 additions and 11 deletions
--- a/odex25_donation/applepay_fast_checkout/controllers/main.py
+++ b/odex25_donation/applepay_fast_checkout/controllers/main.py
@ -18,13 +18,8 @@ class ApplePayFastCheckout(Controller):

        integrity = requests.get(f'{url}/v1/fastcheckout/integrity').json().get('integrity', '')

-        response = request.render("applepay_fast_checkout.apple_pay_iframe", {
-            'hyperpay_src': f"{url}/v1/paymentWidgets.js", 
-            'merchant_id': acquirer_id.applepay_entity_id, 
-            'script_nonce': nonce,  
-            'integrity': integrity
-        })
-        # response.headers['Content-Security-Policy'] = "script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*; worker-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*;connect-src 'self' https://* wss://*;frame-src 'self' blob: https://*;"
+        response = request.render("applepay_fast_checkout.apple_pay_iframe", {'hyperpay_src': f"{url}/v1/paymentWidgets.js", 'merchant_id': acquirer_id.applepay_entity_id, 'nonce': nonce, 'integrity': integrity})
+        response.headers['Content-Security-Policy'] = "script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*; worker-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*;connect-src 'self' https://* wss://*;frame-src 'self' blob: https://*;"

        return response

--- a/odex25_donation/applepay_fast_checkout/views/applepay_iframe.xml
+++ b/odex25_donation/applepay_fast_checkout/views/applepay_iframe.xml
@ -8,16 +8,16 @@
                    t-attf-content="
                    style-src 'self' https://*.oppwa.com 'unsafe-inline';
                    frame-src 'self' https://*.oppwa.com https://applepay.cdn-apple.com;
-                    script-src 'self' https://*.oppwa.com https://applepay.cdn-apple.com 'nonce-{{script_nonce}}';
+                    script-src 'self' https://*.oppwa.com https://applepay.cdn-apple.com 'nonce-{{nonce}}';
                    connect-src 'self' https://*.oppwa.com;
                    img-src 'self' https://*.oppwa.com;" />

                <script t-att-src="hyperpay_src" t-att-integrity="integrity" crossorigin="anonymous" />
-                <script src="/web/static/lib/jquery/jquery.js" t-att-nonce="script_nonce" />
-                <script t-att-nonce="script_nonce">
+                <script src="/web/static/lib/jquery/jquery.js" t-att-nonce="nonce" />
+                <script>
                    merchant_id = "<t t-esc="merchant_id" />";
                </script>
-                <script src="/applepay_fast_checkout/static/src/js/applepay_iframe.js" t-att-nonce="script_nonce"/>
+                <script src="/applepay_fast_checkout/static/src/js/applepay_iframe.js" t-att-nonce="nonce"/>
                <link rel="stylesheet" href="/applepay_fast_checkout/static/src/css/applepay_iframe_content.css" />
            </head>
            <body>