btcpayserver/BTCPayServer/Views/UIStores/PayButtonEnable.cshtml

@{
	ViewData.SetActivePage(StoreNavPages.PayButton, "Pay Button", Context.GetStoreData().Id);
}

<h2 class="mt-1 mb-4">@ViewData["Title"]</h2>

<div class="row">
	<div class="col-md-10">
		<div class="alert alert-warning alert-dismissible mb-5" role="alert">
			<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close">
				<vc:icon symbol="close" />
			</button>
			<p><strong>Warning:</strong> This feature should not be activated on a BTCPay Server store processing commercial transactions.</p>
			<p>By activating this feature, a malicious user can trick you into thinking an order has been processed by creating a new invoice, reusing the same Order Id of another valid order but different amount or currency.</p>
		</div>
		<p>
			To start using Pay Button, you need to enable this feature explicitly.
			Once you do so, anyone could create an invoice on your store (via API, for example).
		</p>
		<form method="post">
			@Html.Hidden("EnableStore", true)
			<button name="command" id="enable-pay-button" type="submit" value="save" class="btn btn-primary">
				Enable
			</button>
		</form>
	</div>
</div>
Add warning about the tradeoff the paybutton (#3340) * Add warning about the security tradeoff of the paybutton * Update BTCPayServer/Views/UIStores/PayButtonEnable.cshtml Co-authored-by: d11n <mail@dennisreimann.de> * Move message in column Co-authored-by: d11n <mail@dennisreimann.de> 2022-01-24 20:00:42 +09:00			`@{`
			`ViewData.SetActivePage(StoreNavPages.PayButton, "Pay Button", Context.GetStoreData().Id);`
Confirmation page for enabling Pay Button 2018-09-03 23:48:53 -05:00			`}`

Store centric UI: Part 3 (#3224) * Set store context in cookie * Fix page id usages in view * Move Pay Button to nav * Move integrations to plugins nav * Store switch links to wallet if present * Test fixes * Nav fixes * Fix altcoin view * Main nav updates * Wallet setttings nav update * Move storeId cookie fallback to cookie auth handler * View fixes * Test fixes * Fix profile check * Rename integrations nav extension point to store-integrations-nav-list * Allow strings for Active page/category for plugins * Make invoice list filter based on store context * Do not set context if we are running authorizer through tag helper * Fix test and unfiltered invoices * Add permission helper for wallet links * Add sanity checks for payment requests and invoices * Store context in home controller * Fix PayjoinViaUI test * Store context for notifications * Minor UI improvements * Store context for userstores and vault controller * Bring back integrations page * Rename notifications nav pages file * Fix user stores controller policies * Controller policy fixes from code review * CookieAuthHandler: Simplify CanViewInvoices case * Revert "Controller policy fixes from code review" This reverts commit 97e8b8379c2f2f373bac15a96632d2c8913ef4bd. * Simplify LayoutSimple * Fix CanViewInvoices condition Co-authored-by: Kukks <evilkukka@gmail.com> 2021-12-31 08:36:38 +01:00			`<h2 class="mt-1 mb-4">@ViewData["Title"]</h2>`

Confirmation page for enabling Pay Button 2018-09-03 23:48:53 -05:00			`<div class="row">`
Add warning about the tradeoff the paybutton (#3340) * Add warning about the security tradeoff of the paybutton * Update BTCPayServer/Views/UIStores/PayButtonEnable.cshtml Co-authored-by: d11n <mail@dennisreimann.de> * Move message in column Co-authored-by: d11n <mail@dennisreimann.de> 2022-01-24 20:00:42 +09:00			`<div class="col-md-10">`
			`<div class="alert alert-warning alert-dismissible mb-5" role="alert">`
			`<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close">`
			`<vc:icon symbol="close" />`
			`</button>`
			`<p><strong>Warning:</strong> This feature should not be activated on a BTCPay Server store processing commercial transactions.</p>`
			`<p>By activating this feature, a malicious user can trick you into thinking an order has been processed by creating a new invoice, reusing the same Order Id of another valid order but different amount or currency.</p>`
			`</div>`
			`<p>`
			`To start using Pay Button, you need to enable this feature explicitly.`
			`Once you do so, anyone could create an invoice on your store (via API, for example).`
			`</p>`
			`<form method="post">`
			`@Html.Hidden("EnableStore", true)`
			`<button name="command" id="enable-pay-button" type="submit" value="save" class="btn btn-primary">`
			`Enable`
			`</button>`
			`</form>`
			`</div>`
Confirmation page for enabling Pay Button 2018-09-03 23:48:53 -05:00			`</div>`