Fix: Redirecting to local absolute URL in wizard windows should work

BTCPayServer/Extensions/UrlHelperExtensions.cs

@@ -18,7 +18,7 @@ namespace Microsoft.AspNetCore.Mvc
                 return url;
             if (httpRequest is null)
                 return null;
-            if (Uri.TryCreate(url, UriKind.Absolute, out var r) && r.Host.Equals(httpRequest.Host.Host))
+            if (Uri.TryCreate(url, UriKind.Absolute, out var r) && r.Host.Equals(httpRequest.Host.Host) && (!httpRequest.IsHttps || r.Scheme == "https"))
                 return url;
             return null;
         }

BTCPayServer/Views/Shared/ConfirmModal.cshtml

@@ -32,7 +32,7 @@
 
         @if (!string.IsNullOrEmpty(Model.Action))
         {
-            <form id="ConfirmForm" method="post" action="@Url.EnsureLocal(actionUrl)" rel="noreferrer noopener">
+			<form id="ConfirmForm" method="post" action="@Url.EnsureLocal(actionUrl, Context.Request)" rel="noreferrer noopener">
                 <div class="modal-body pt-0" id="ConfirmText" hidden>
                     <label for="ConfirmInput" class="form-label">Confirm the action by typing <strong id="ConfirmInputText"></strong>:</label>
                     <input id="ConfirmInput" class="form-control"/>

BTCPayServer/Views/UIHome/RecoverySeedBackup.cshtml

@@ -80,7 +80,7 @@
     </div>
     @if (Model.RequireConfirm)
     {
-        <form id="RecoveryConfirmation" action="@Url.EnsureLocal(Model.ReturnUrl)" class="position-relative d-flex align-items-start justify-content-center" style="padding:20px 0 100px" rel="noreferrer noopener">
+        <form id="RecoveryConfirmation" action="@Url.EnsureLocal(Model.ReturnUrl, Context.Request)" class="position-relative d-flex align-items-start justify-content-center" style="padding:20px 0 100px" rel="noreferrer noopener">
             <label class="form-check-label lead order-2" for="confirm">I have written down my recovery phrase and stored it in a secure location</label>
             <input type="checkbox" class="me-3 order-1 form-check-input" id="confirm" style="margin-top:.35rem;flex-shrink:0">
             <button type="submit" class="btn btn-primary btn-lg px-5 order-3" id="submit">Done</button>
@@ -89,6 +89,6 @@
     }
     else
     {
-        <a href="@Url.EnsureLocal(Model.ReturnUrl)" class="btn btn-primary btn-lg mt-3 px-5 order-3" id="proceed" rel="noreferrer noopener">Done</a>
+        <a href="@Url.EnsureLocal(Model.ReturnUrl, Context.Request)" class="btn btn-primary btn-lg mt-3 px-5 order-3" id="proceed" rel="noreferrer noopener">Done</a>
     }
 </main>

BTCPayServer/Views/UIWallets/SignWithSeed.cshtml

@@ -11,11 +11,11 @@
 @section Navbar {
     @if (backUrl != null)
     {
-        <a href="@Url.EnsureLocal(backUrl)" id="GoBack">
+		<a href="@Url.EnsureLocal(backUrl, Context.Request)" id="GoBack">
             <vc:icon symbol="back" />
         </a>
     }
-    <a href="@Url.EnsureLocal(cancelUrl)" id="CancelWizard" class="cancel">
+	<a href="@Url.EnsureLocal(cancelUrl, Context.Request)" id="CancelWizard" class="cancel">
         <vc:icon symbol="close" />
     </a>
 }

BTCPayServer/Views/UIWallets/WalletPSBT.cshtml

@@ -13,11 +13,11 @@
 @section Navbar {
     @if (backUrl != null)
     {
-        <a href="@Url.EnsureLocal(backUrl)" id="GoBack">
+		<a href="@Url.EnsureLocal(backUrl, Context.Request)" id="GoBack">
             <vc:icon symbol="back" />
         </a>
     }
-    <a href="@Url.EnsureLocal(cancelUrl)" id="CancelWizard" class="cancel">
+	<a href="@Url.EnsureLocal(cancelUrl, Context.Request)" id="CancelWizard" class="cancel">
         <vc:icon symbol="close" />
     </a>
 }

BTCPayServer/Views/UIWallets/WalletPSBTCombine.cshtml

@@ -11,11 +11,11 @@
 @section Navbar {
     @if (backUrl != null)
     {
-        <a href="@Url.EnsureLocal(backUrl)" id="GoBack">
+		<a href="@Url.EnsureLocal(backUrl, Context.Request)" id="GoBack">
             <vc:icon symbol="back" />
         </a>
     }
-    <a href="@Url.EnsureLocal(cancelUrl)" id="CancelWizard" class="cancel">
+	<a href="@Url.EnsureLocal(cancelUrl, Context.Request)" id="CancelWizard" class="cancel">
         <vc:icon symbol="close" />
     </a>
 }

BTCPayServer/Views/UIWallets/WalletPSBTDecoded.cshtml

@@ -77,11 +77,11 @@
 @section Navbar {
     @if (backUrl != null)
     {
-        <a href="@Url.EnsureLocal(backUrl)" id="GoBack">
+		<a href="@Url.EnsureLocal(backUrl, Context.Request)" id="GoBack">
             <vc:icon symbol="back" />
         </a>
     }
-    <a href="@Url.EnsureLocal(cancelUrl)" id="CancelWizard" class="cancel">
+	<a href="@Url.EnsureLocal(cancelUrl, Context.Request)" id="CancelWizard" class="cancel">
         <vc:icon symbol="close" />
     </a>
 }

BTCPayServer/Views/UIWallets/WalletReceive.cshtml

@@ -18,7 +18,7 @@
 }
 
 @section Navbar {
-    <a href="@Url.EnsureLocal(returnUrl)" id="CancelWizard" class="cancel">
+	<a href="@Url.EnsureLocal(returnUrl, Context.Request)" id="CancelWizard" class="cancel">
         <vc:icon symbol="close" />
     </a>
 }

BTCPayServer/Views/UIWallets/WalletSend.cshtml

@@ -20,11 +20,11 @@
 @section Navbar {
     @if (backUrl != null)
     {
-        <a href="@Url.EnsureLocal(backUrl)" id="GoBack">
+		<a href="@Url.EnsureLocal(backUrl, Context.Request)" id="GoBack">
             <vc:icon symbol="back" />
         </a>
     }
-    <a href="@Url.EnsureLocal(cancelUrl)" id="CancelWizard" class="cancel">
+	<a href="@Url.EnsureLocal(cancelUrl, Context.Request)" id="CancelWizard" class="cancel">
         <vc:icon symbol="close" />
     </a>
 }

BTCPayServer/Views/UIWallets/WalletSendVault.cshtml

@@ -11,11 +11,11 @@
 @section Navbar {
     @if (backUrl != null)
     {
-        <a href="@Url.EnsureLocal(backUrl)" id="GoBack">
+		<a href="@Url.EnsureLocal(backUrl, Context.Request)" id="GoBack">
             <vc:icon symbol="back" />
         </a>
     }
-    <a href="@Url.EnsureLocal(cancelUrl)" id="CancelWizard" class="cancel">
+	<a href="@Url.EnsureLocal(cancelUrl, Context.Request)" id="CancelWizard" class="cancel">
         <vc:icon symbol="close" />
     </a>
 }

BTCPayServer/Views/UIWallets/WalletSigningOptions.cshtml

@@ -12,11 +12,11 @@
 @section Navbar {
     @if (backUrl != null)
     {
-        <a href="@Url.EnsureLocal(backUrl)" id="GoBack">
+		<a href="@Url.EnsureLocal(backUrl, Context.Request)" id="GoBack">
             <vc:icon symbol="back" />
         </a>
     }
-    <a href="@Url.EnsureLocal(cancelUrl)" id="CancelWizard" class="cancel">
+	<a href="@Url.EnsureLocal(cancelUrl, Context.Request)" id="CancelWizard" class="cancel">
         <vc:icon symbol="close" />
     </a>
 }