From ea03b6c19c93703cfdabede67e0214a90b1b5ab1 Mon Sep 17 00:00:00 2001
From: Umar Bolatov <bolatovumar@gmail.com>
Date: Wed, 21 Dec 2022 22:05:56 -0800
Subject: [PATCH] Make checkout CSS and logo paths relative (#4354)

* Make sure custom logo and CSS paths are relative

* match request host and scheme before replacing

* Fix the issue for greenfield as well

Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
---
 .../GreenField/GreenfieldStoresController.cs  |  4 ++-
 .../Controllers/UIStoresController.cs         |  4 +--
 BTCPayServer/Data/StoreBlob.cs                | 25 +++++++++++++++++++
 3 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/BTCPayServer/Controllers/GreenField/GreenfieldStoresController.cs b/BTCPayServer/Controllers/GreenField/GreenfieldStoresController.cs
index 92a43c9a8..7bebbdce1 100644
--- a/BTCPayServer/Controllers/GreenField/GreenfieldStoresController.cs
+++ b/BTCPayServer/Controllers/GreenField/GreenfieldStoresController.cs
@@ -12,6 +12,7 @@ using BTCPayServer.Security;
 using BTCPayServer.Services.Stores;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Cors;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using StoreData = BTCPayServer.Data.StoreData;
@@ -149,7 +150,7 @@ namespace BTCPayServer.Controllers.Greenfield
             };
         }
 
-        private static void ToModel(StoreBaseData restModel, Data.StoreData model, PaymentMethodId defaultPaymentMethod)
+        private void ToModel(StoreBaseData restModel, Data.StoreData model, PaymentMethodId defaultPaymentMethod)
         {
             var blob = model.GetStoreBlob();
             model.StoreName = restModel.Name;
@@ -185,6 +186,7 @@ namespace BTCPayServer.Controllers.Greenfield
             blob.LightningDescriptionTemplate = restModel.LightningDescriptionTemplate;
             blob.PaymentTolerance = restModel.PaymentTolerance;
             blob.PayJoinEnabled = restModel.PayJoinEnabled;
+            blob.NormalizeToRelativeLinks(Request);
             model.SetStoreBlob(blob);
         }
 
diff --git a/BTCPayServer/Controllers/UIStoresController.cs b/BTCPayServer/Controllers/UIStoresController.cs
index 63b8e995e..ae6f2847f 100644
--- a/BTCPayServer/Controllers/UIStoresController.cs
+++ b/BTCPayServer/Controllers/UIStoresController.cs
@@ -505,7 +505,7 @@ namespace BTCPayServer.Controllers
             {
                 blob.OnChainWithLnInvoiceFallback = model.OnChainWithLnInvoiceFallback;
             }
-            
+
             blob.RequiresRefundEmail = model.RequiresRefundEmail;
             blob.LazyPaymentMethods = model.LazyPaymentMethods;
             blob.RedirectAutomatically = model.RedirectAutomatically;
@@ -515,7 +515,7 @@ namespace BTCPayServer.Controllers
             blob.HtmlTitle = string.IsNullOrWhiteSpace(model.HtmlTitle) ? null : model.HtmlTitle;
             blob.AutoDetectLanguage = model.AutoDetectLanguage;
             blob.DefaultLang = model.DefaultLang;
-
+            blob.NormalizeToRelativeLinks(Request);
             if (CurrentStore.SetStoreBlob(blob))
             {
                 needUpdate = true;
diff --git a/BTCPayServer/Data/StoreBlob.cs b/BTCPayServer/Data/StoreBlob.cs
index efd579104..27ef36b33 100644
--- a/BTCPayServer/Data/StoreBlob.cs
+++ b/BTCPayServer/Data/StoreBlob.cs
@@ -12,6 +12,7 @@ using BTCPayServer.Payments;
 using BTCPayServer.Rating;
 using BTCPayServer.Services.Mails;
 using BTCPayServer.Services.Rates;
+using Microsoft.AspNetCore.Http;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 
@@ -239,6 +240,30 @@ namespace BTCPayServer.Data
             ExcludedPaymentMethods = methods.ToArray();
 #pragma warning restore CS0618 // Type or member is obsolete
         }
+
+        // Replace absolute URL with relative to avoid this issue: https://github.com/btcpayserver/btcpayserver/discussions/4195
+        public void NormalizeToRelativeLinks(HttpRequest request)
+        {
+            var schemeAndHost = $"{request.Scheme}://{request.Host.ToString()}/";
+            this.CustomLogo = EnsureRelativeLinks(this.CustomLogo, schemeAndHost);
+            this.CustomCSS = EnsureRelativeLinks(this.CustomCSS, schemeAndHost);
+        }
+
+        /// <summary>
+        /// Make a link relative if possible
+        /// </summary>
+        /// <param name="value">Example: https://mystore.com/toto.png</param>
+        /// <param name="schemeAndHost">Example: https://mystore.com/</param>
+        /// <returns>/toto.png</returns>
+        private string EnsureRelativeLinks(string value, string schemeAndHost)
+        {
+            if (value is null)
+                return null;
+            value = value.Trim();
+            if (value.StartsWith(schemeAndHost, StringComparison.OrdinalIgnoreCase))
+                return value.Substring(schemeAndHost.Length - 1);
+            return value;
+        }
     }
     public class PaymentMethodCriteria
     {