Release 1.283.4 (#2101)

1 year ago · 2ecc8dbc4e
parent c0e0e2401e
commit 2ecc8dbc4e
3 changed files with 4 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## 1.283.3 - 2023-06-24
+## 1.283.4 - 2023-06-24
 ### Added
--- a/apps/api/src/main.ts
+++ b/apps/api/src/main.ts
@ -39,7 +39,8 @@ async function bootstrap() {
    helmet({
      contentSecurityPolicy: {
        directives: {
-          scriptSrc: ["'self'", "'unsafe-inline'", 'https://js.stripe.com'], // Allow inline scripts
+          frameSrc: ["'self'", 'https://js.stripe.com'], // Allow loading frames from Stripe
          scriptSrc: ["'self'", "'unsafe-inline'", 'https://js.stripe.com'], // Allow inline scripts and scripts from Stripe
          scriptSrcAttr: ["'self'", "'unsafe-inline'"], // Allow inline event handlers
          styleSrc: ["'self'", "'unsafe-inline'"] // Allow inline styles
        }
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "ghostfolio",
-  "version": "1.283.3",
+  "version": "1.283.4",
  "homepage": "https://ghostfol.io",
  "license": "AGPL-3.0",
  "scripts": {