MC-41780: Paypal API improvements

svitja · svitja · commit 8bfbea036520 · 2021-04-13T13:54:17.000+03:00
diff --git a/app/code/Magento/Paypal/Controller/Express/OnAuthorization.php b/app/code/Magento/Paypal/Controller/Express/OnAuthorization.php
@@ -126,6 +126,10 @@ public function execute(): ResultInterface
                 $quote = $this->_getQuote();
             }
 
+            if ($customerId != null && ($quote->getCustomerIsGuest() || $customerId !== $quote->getCustomerId())) {
+                throw new LocalizedException(__('Sorry, but something went wrong.'));
+            }
+
             $responseContent = [
                 'success' => true,
                 'error_message' => '',
diff --git a/app/code/Magento/Paypal/etc/csp_whitelist.xml b/app/code/Magento/Paypal/etc/csp_whitelist.xml
@@ -37,5 +37,10 @@
                 <value id="www_pilot_payflowlink_paypal" type="host">pilot-payflowlink.paypal.com</value>
             </values>
         </policy>
+        <policy id="connect-src">
+            <values>
+                <value id="www_sandbox_paypal_com" type="host">www.sandbox.paypal.com</value>
+            </values>
+        </policy>
     </policies>
 </csp_whitelist>
