From a5d39d45d9167442e0acc009647db66bfd31d8e3 Mon Sep 17 00:00:00 2001
From: Michelle Bergquist <michelle.bergquist@goteleport.com>
Date: Mon, 8 May 2023 10:38:29 -0600
Subject: [PATCH] add Stripe to Teleport CSP

---
 lib/httplib/httpheaders.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/httplib/httpheaders.go b/lib/httplib/httpheaders.go
index c60af496fb455..d335e23f20488 100644
--- a/lib/httplib/httpheaders.go
+++ b/lib/httplib/httpheaders.go
@@ -99,6 +99,9 @@ func GetDefaultContentSecurityPolicy() string {
 		"frame-ancestors 'none'",
 		// additional default restrictions
 		"object-src 'none'",
+		// auto-pay plans in Cloud use stripe.com to manage billing information
+		"script-src 'self' https://js.stripe.com",
+		"frame-src https://js.stripe.com",
 	}, ";")
 }