soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Fix PayPal billing flow and mobile admin UX
Some checks failed
linter / quality (push) Has been cancelled
Details
tests / ci (push) Has been cancelled
Details
tests / ui (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Codex Agent
2026-02-05 10:19:29 +01:00
parent c43327af74
commit 0d7a861875
39 changed files with 1630 additions and 253 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
app/Http/Middleware/ContentSecurityPolicy.php
View File

@@ -81,6 +81,18 @@ class ContentSecurityPolicy
'https:',
];
$paypalSources = [
'https://www.paypal.com',
'https://www.paypalobjects.com',
'https://*.paypal.com',
'https://*.paypalobjects.com',
];
$scriptSources = array_merge($scriptSources, $paypalSources);
$connectSources = array_merge($connectSources, $paypalSources);
$frameSources = array_merge($frameSources, $paypalSources);
$imgSources = array_merge($imgSources, $paypalSources);
if ($matomoOrigin) {
$scriptSources[] = $matomoOrigin;
$connectSources[] = $matomoOrigin;
@@ -90,6 +102,18 @@ class ContentSecurityPolicy
$isDev = app()->environment(['local', 'development']) || config('app.debug');
if ($isDev) {
$paypalSandboxSources = [
'https://www.sandbox.paypal.com',
'https://www.sandbox.paypalobjects.com',
'https://*.sandbox.paypal.com',
'https://*.sandbox.paypalobjects.com',
];
$scriptSources = array_merge($scriptSources, $paypalSandboxSources);
$connectSources = array_merge($connectSources, $paypalSandboxSources);
$frameSources = array_merge($frameSources, $paypalSandboxSources);
$imgSources = array_merge($imgSources, $paypalSandboxSources);
$devHosts = [
'http://fotospiel-app.test:5173',
'http://127.0.0.1:5173',