manohar/tia
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(billing): allow Razorpay Checkout domains in CSP

Browse source 
Checkout.razorpay.com script + payment iframe were blocked by CSP
(CHECKOUT_LOAD_FAILED). Added Razorpay to:
- script-src: https://checkout.razorpay.com
- frame-src:  https://*.razorpay.com https://api.razorpay.com (payment iframe)
- connect-src: https://*.razorpay.com + lumberjack.razorpay.com (telemetry)
- img-src:    https://*.razorpay.com (payment-method logos)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Manohar Gupta 2026-06-06 12:59:38 +05:30
parent 3604f7314d
commit 80390e7f13
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
next.config.ts
View file

@ -22,10 +22,11 @@ const nextConfig: NextConfig = {
{ key: "Strict-Transport-Security", value: "max-age=31536000; includeSubDomains" }, { key: "Strict-Transport-Security", value: "max-age=31536000; includeSubDomains" },
{ key: "Content-Security-Policy", value: { key: "Content-Security-Policy", value:
"default-src 'self'; " + "default-src 'self'; " +
"img-src 'self' data: https://*.r2.cloudflarestorage.com https://*.r2.dev; " + "img-src 'self' data: https://*.r2.cloudflarestorage.com https://*.r2.dev https://*.razorpay.com; " +
"script-src 'self' 'unsafe-inline' 'unsafe-eval'; " + "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.razorpay.com; " +
"style-src 'self' 'unsafe-inline'; " + "style-src 'self' 'unsafe-inline'; " +
"connect-src 'self' https://llm.manohargupta.com https://analytics.manohargupta.com; " + "connect-src 'self' https://llm.manohargupta.com https://analytics.manohargupta.com https://*.razorpay.com https://lumberjack.razorpay.com; " +
"frame-src 'self' https://*.razorpay.com https://api.razorpay.com; " +
"font-src 'self' data:;" "font-src 'self' data:;"
}, },
], ],