From 570aa758041cde7403a46f4e62693a0a993dda82 Mon Sep 17 00:00:00 2001
From: Roman Zimmermann
Date: Mon, 11 Nov 2024 11:51:38 +0100
Subject: [PATCH] feat: Declare CSP header requirements in hook_d7csp_hosts()
---
 braintree_payment.module | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/braintree_payment.module b/braintree_payment.module
index 8d99565..d3876bb 100644
--- a/braintree_payment.module
+++ b/braintree_payment.module
@@ -211,3 +211,33 @@ function _braintree_payment_controlled_payment_method(\PaymentMethod $method) {
 $info = braintree_payment_payment_method_controller_info();
 return isset($info[$method->controller->name]);
 }
+
+/**
+ * Implements hook_d7csp_hosts().
+ */
+function braintree_payment_d7csp_hosts() {
+ // Basic directives.
+ $hosts['script-src'][] = 'js.braintreegateway.com';
+ $hosts['script-src'][] = 'assets.braintreegateway.com';
+ $hosts['img-src'][] = 'assets.braintreegateway.com';
+ $hosts['img-src'][] = 'data:';
+ $hosts['child-src'][] = 'assets.braintreegateway.com';
+ $hosts['frame-src'][] = 'assets.braintreegateway.com';
+ $hosts['connect-src'][] = 'api.braintreegateway.com';
+ $hosts['connect-src'][] = 'client-analytics.braintreegateway.com';
+ $hosts['connect-src'][] = '*.braintree-api.com';
+
+ // Needed for 3D Secure (braintree.threeDSecure).
+ $hosts['script-src'][] = 'songbirdstag.cardinalcommerce.com';
+ $hosts['script-src'][] = 'https://includestest.ccdc02.com';
+ $hosts['frame-src'][] = '*';
+ $hosts['connect-src'][] = '*.cardinalcommerce.com';
+ $hosts['form-action'][] = '*';
+
+ // Needed for Google Pay.
+ $hosts['script-src'][] = 'pay.google.com';
+ $hosts['connect-src'][] = 'pay.google.com';
+ $hosts['connect-src'][] = 'https://google.com/pay';
+
+ return $hosts;
+}
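Review bot: The two `'*'` entries under the 3D Secure comment (`frame-src` and `form-action`) permit framing of, and form submission to, any host, so those two directives stop constraining anything wherever these hosts are merged into the site policy. If the wildcard is there because issuer challenge pages live on hosts that cannot be listed in advance, state that in the comment and narrow it to the scheme, e.g. `$hosts['frame-src'][] = 'https:';` and `$hosts['form-action'][] = 'https:';`. The `data:` entry in the same function suggests scheme sources are accepted, but confirm that against d7csp. Separately, `songbirdstag.cardinalcommerce.com` and `includestest.ccdc02.com` read like staging/test endpoints by name. Check whether the production hosts need declaring as well, or whether these two should only be added when the payment method runs in sandbox mode.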