Elie Habib 53801cae5c fix(csp): allow Stripe 3D Secure frames + consolidate Dodo CSP entries (#2806) ...

Dodo Payments uses Stripe under the hood for card payment 3D Secure
verification. hooks.stripe.com and js.stripe.com were not in frame-src
or script-src, causing the payment overlay to fail with CSP violations.

Consolidated individual Dodo CSP entries (checkout.dodopayments.com,
test.checkout.dodopayments.com, *.hs.dodopayments.com, etc.) into a
single *.dodopayments.com wildcard per Dodo's recommended allowlist.

2026-04-07 23:47:27 +04:00

23 KiB

Raw Permalink Blame History

View Raw