early nanopay

config/initializers/content_security_policy.rb

@@ -58,8 +58,8 @@ def sso_host
     p.connect_src :self, :data, :blob, *media_hosts, Rails.configuration.x.streaming_api_base_url, *front_end_build_urls
     p.script_src  :self, :unsafe_inline, :unsafe_eval, assets_host
   else
-    p.connect_src :self, :data, :blob, *media_hosts, Rails.configuration.x.streaming_api_base_url, "https://pay.nano.to", "https://rpc.nano.to"
-    p.script_src  :self, assets_host, "'wasm-unsafe-eval'", "https://pay.nano.to"
+    p.connect_src :self, :data, :blob, *media_hosts, Rails.configuration.x.streaming_api_base_url, 'https://pay.nano.to', 'https://rpc.nano.to'
+    p.script_src  :self, assets_host, "'wasm-unsafe-eval'", 'https://pay.nano.to'
   end
 end
 

spec/requests/content_security_policy_spec.rb

@@ -12,17 +12,16 @@
       "default-src 'none'",
       "frame-ancestors 'none'",
       "font-src 'self' https://cb6e6126.ngrok.io",
-      "img-src 'self' data: blob: https://cb6e6126.ngrok.io https://pay.nano.to",
-      "style-src 'unsafe-inline'",
-      # "style-src 'unsafe-inline' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
+      "img-src 'self' data: blob: https://cb6e6126.ngrok.io",
+      "style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
       "media-src 'self' data: https://cb6e6126.ngrok.io",
       "frame-src 'self' https:",
       "manifest-src 'self' https://cb6e6126.ngrok.io",
       "form-action 'self'",
       "child-src 'self' blob: https://cb6e6126.ngrok.io",
       "worker-src 'self' blob: https://cb6e6126.ngrok.io",
-      "connect-src 'self' data: blob: https://rpc.nano.to https://api.nano.to https://cb6e6126.ngrok.io ws://cb6e6126.ngrok.io:4000",
-      "script-src 'self' https://pay.nano.to https://cb6e6126.ngrok.io 'wasm-unsafe-eval'"
+      "connect-src 'self' data: blob: https://cb6e6126.ngrok.io ws://cb6e6126.ngrok.io:4000",
+      "script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'"
     )
   end
 end