mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2024-11-19 18:11:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix XSS on uploaded files to the file storage (#4567)

Browse Source
This commit is contained in:
Nicolas Dorier 2023-01-26 19:12:06 +09:00 committed by GitHub
parent 438dcc4c6f
commit 3d576cd06b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
BTCPayServer/Storage/StorageExtensions.cs
View File

@ -75,6 +75,7 @@ namespace BTCPayServer.Storage
{
context.Context.Response.Headers["Content-Disposition"] = "attachment";
}
context.Context.Response.Headers["Content-Security-Policy"] = "script-src 'self'";
};
}
}