upgrade shopify response Content-Security-Policy

3 years ago · 9c10d05462
parent eb5ed56488
commit 9c10d05462
1 changed files with 2 additions and 2 deletions
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java
@ -21,7 +21,7 @@ public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
            if (AnnotatedElementUtils.isAnnotated(method, ShopifyEndpoint.class)) {
                String shop = request.getParameter("shop");
                if (StringUtils.isNotBlank(shop)) {
-                    response.addHeader("Content-Security-Policy", "frame-ancestors https://" + shop + ".myshopify.com https://admin.shopify.com");
+                    response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
                }
            }
        }
@ -32,7 +32,7 @@ public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
                JSONObject body = JSONObject.parseObject(requestBody);
                String shop = body.getString("shop_domain");
                if (StringUtils.isNotBlank(shop)) {
-                    response.addHeader("Content-Security-Policy", "frame-ancestors https://" + shop + ".myshopify.com https://admin.shopify.com");
+                    response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
                }
            }
        }