mirror of
https://github.com/btcpayserver/btcpayserver.git
synced 2025-02-21 14:04:12 +01:00
Fix CSP when there is a theme
parent
650df97e50
commit
ad7b62fa3d
5 changed files with 5 additions and 58 deletions
|
@ -448,20 +448,6 @@ namespace BTCPayServer.Controllers
|
||||||
|
|
||||||
if (view == "modal")
|
if (view == "modal")
|
||||||
model.IsModal = true;
|
model.IsModal = true;
|
||||||
|
|
||||||
_CSP.Add(new ConsentSecurityPolicy("script-src", "'unsafe-eval'")); // Needed by Vue
|
|
||||||
if (!string.IsNullOrEmpty(model.CustomCSSLink) &&
|
|
||||||
Uri.TryCreate(model.CustomCSSLink, UriKind.Absolute, out var uri))
|
|
||||||
{
|
|
||||||
_CSP.Clear();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!string.IsNullOrEmpty(model.CustomLogoLink) &&
|
|
||||||
Uri.TryCreate(model.CustomLogoLink, UriKind.Absolute, out uri))
|
|
||||||
{
|
|
||||||
_CSP.Clear();
|
|
||||||
}
|
|
||||||
|
|
||||||
return View(nameof(Checkout), model);
|
return View(nameof(Checkout), model);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -32,7 +32,6 @@ namespace BTCPayServer.Controllers
|
||||||
public partial class InvoiceController : Controller
|
public partial class InvoiceController : Controller
|
||||||
{
|
{
|
||||||
readonly InvoiceRepository _InvoiceRepository;
|
readonly InvoiceRepository _InvoiceRepository;
|
||||||
readonly ContentSecurityPolicies _CSP;
|
|
||||||
readonly RateFetcher _RateProvider;
|
readonly RateFetcher _RateProvider;
|
||||||
readonly StoreRepository _StoreRepository;
|
readonly StoreRepository _StoreRepository;
|
||||||
readonly UserManager<ApplicationUser> _UserManager;
|
readonly UserManager<ApplicationUser> _UserManager;
|
||||||
|
@ -72,7 +71,6 @@ namespace BTCPayServer.Controllers
|
||||||
_dbContextFactory = dbContextFactory;
|
_dbContextFactory = dbContextFactory;
|
||||||
_paymentHostedService = paymentHostedService;
|
_paymentHostedService = paymentHostedService;
|
||||||
WebhookNotificationManager = webhookNotificationManager;
|
WebhookNotificationManager = webhookNotificationManager;
|
||||||
_CSP = csp;
|
|
||||||
_languageService = languageService;
|
_languageService = languageService;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,32 +0,0 @@
|
||||||
using System;
|
|
||||||
using BTCPayServer.Abstractions.Contracts;
|
|
||||||
using BTCPayServer.Security;
|
|
||||||
using Microsoft.AspNetCore.Mvc.Filters;
|
|
||||||
|
|
||||||
namespace BTCPayServer.HostedServices
|
|
||||||
{
|
|
||||||
public class ContentSecurityPolicyCssThemeManager : Attribute, IActionFilter, IOrderedFilter
|
|
||||||
{
|
|
||||||
public int Order => 1001;
|
|
||||||
|
|
||||||
public void OnActionExecuted(ActionExecutedContext context)
|
|
||||||
{
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
public void OnActionExecuting(ActionExecutingContext context)
|
|
||||||
{
|
|
||||||
var settingsRepository = context.HttpContext.RequestServices.GetService(typeof(ISettingsRepository)) as ISettingsRepository;
|
|
||||||
|
|
||||||
var policies = context.HttpContext.RequestServices.GetService(typeof(ContentSecurityPolicies)) as ContentSecurityPolicies;
|
|
||||||
if (policies != null)
|
|
||||||
{
|
|
||||||
var theme = settingsRepository.GetTheme().GetAwaiter().GetResult();
|
|
||||||
if (theme.CssUri != null && Uri.TryCreate(theme.CssUri, UriKind.Absolute, out var uri))
|
|
||||||
{
|
|
||||||
policies.Clear();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -302,7 +302,6 @@ namespace BTCPayServer.Hosting
|
||||||
|
|
||||||
services.Configure<MvcOptions>((o) =>
|
services.Configure<MvcOptions>((o) =>
|
||||||
{
|
{
|
||||||
o.Filters.Add(new ContentSecurityPolicyCssThemeManager());
|
|
||||||
o.ModelMetadataDetailsProviders.Add(new SuppressChildValidationMetadataProvider(typeof(WalletId)));
|
o.ModelMetadataDetailsProviders.Add(new SuppressChildValidationMetadataProvider(typeof(WalletId)));
|
||||||
o.ModelMetadataDetailsProviders.Add(new SuppressChildValidationMetadataProvider(typeof(DerivationStrategyBase)));
|
o.ModelMetadataDetailsProviders.Add(new SuppressChildValidationMetadataProvider(typeof(DerivationStrategyBase)));
|
||||||
});
|
});
|
||||||
|
|
|
@ -75,8 +75,6 @@ namespace BTCPayServer.Security
|
||||||
}
|
}
|
||||||
public void Add(ConsentSecurityPolicy policy)
|
public void Add(ConsentSecurityPolicy policy)
|
||||||
{
|
{
|
||||||
if (_Policies.Any(p => p.Name == policy.Name && p.Value == policy.Name))
|
|
||||||
return;
|
|
||||||
_Policies.Add(policy);
|
_Policies.Add(policy);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -94,20 +92,18 @@ namespace BTCPayServer.Security
|
||||||
value.Append(';');
|
value.Append(';');
|
||||||
}
|
}
|
||||||
HashSet<string> values = new HashSet<string>();
|
HashSet<string> values = new HashSet<string>();
|
||||||
|
List<string> valuesList = new List<string>();
|
||||||
values.Add(group.Key);
|
values.Add(group.Key);
|
||||||
|
valuesList.Add(group.Key);
|
||||||
foreach (var v in group)
|
foreach (var v in group)
|
||||||
{
|
{
|
||||||
values.Add(v.Value);
|
if (values.Add(v.Value))
|
||||||
|
valuesList.Add(v.Value);
|
||||||
}
|
}
|
||||||
value.Append(String.Join(" ", values.OfType<object>().ToArray()));
|
value.Append(String.Join(" ", valuesList.OfType<object>().ToArray()));
|
||||||
firstGroup = false;
|
firstGroup = false;
|
||||||
}
|
}
|
||||||
return value.ToString();
|
return value.ToString();
|
||||||
}
|
}
|
||||||
|
|
||||||
internal void Clear()
|
|
||||||
{
|
|
||||||
_Policies.Clear();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
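Review bot: The rewritten join in `ToString()` still writes every `v.Value` into the header verbatim, and `Add` does no validation, so a value containing `;`, `,` or a line break would change the emitted policy instead of extending one directive. Whether any caller passes operator-supplied text (a theme or logo URI, for example) is not visible in this diff, so treat this as hardening: reject such values in `Add`, e.g. `if (policy.Value.IndexOfAny(new[] { ';', ',', '\r', '\n' }) >= 0) throw new ArgumentException("Invalid CSP value", nameof(policy));`. Separately, `valuesList.OfType<object>().ToArray()` is redundant, since `String.Join(" ", valuesList)` yields the same string. `ToString()` begins outside the hunk shown.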