From 2ecc8dbc4e531d5a6a4d3585ca6bc8ba1a390f9c Mon Sep 17 00:00:00 2001
From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com>
Date: Sat, 24 Jun 2023 18:41:37 +0200
Subject: [PATCH] Release 1.283.4 (#2101)

---
 CHANGELOG.md         | 2 +-
 apps/api/src/main.ts | 3 ++-
 package.json         | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0c41d7ae5..b7f26636d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## 1.283.3 - 2023-06-24
+## 1.283.4 - 2023-06-24
 
 ### Added
 
diff --git a/apps/api/src/main.ts b/apps/api/src/main.ts
index 4a4d9848f..ee3cc8534 100644
--- a/apps/api/src/main.ts
+++ b/apps/api/src/main.ts
@@ -39,7 +39,8 @@ async function bootstrap() {
     helmet({
       contentSecurityPolicy: {
         directives: {
-          scriptSrc: ["'self'", "'unsafe-inline'", 'https://js.stripe.com'], // Allow inline scripts
+          frameSrc: ["'self'", 'https://js.stripe.com'], // Allow loading frames from Stripe
+          scriptSrc: ["'self'", "'unsafe-inline'", 'https://js.stripe.com'], // Allow inline scripts and scripts from Stripe
           scriptSrcAttr: ["'self'", "'unsafe-inline'"], // Allow inline event handlers
           styleSrc: ["'self'", "'unsafe-inline'"] // Allow inline styles
         }
diff --git a/package.json b/package.json
index 8d0578247..dee222aa6 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ghostfolio",
-  "version": "1.283.3",
+  "version": "1.283.4",
   "homepage": "https://ghostfol.io",
   "license": "AGPL-3.0",
   "scripts": {