mirror of
https://github.com/btcpayserver/btcpayserver.git
synced 2025-02-28 16:58:00 +01:00
* Add warning about the security tradeoff of the paybutton
* Update BTCPayServer/Views/UIStores/PayButtonEnable.cshtml
  Co-authored-by: d11n <mail@dennisreimann.de>
* Move message in column
  Co-authored-by: d11n <mail@dennisreimann.de>
27 lines
1.1 KiB
Text
@{
    ViewData.SetActivePage(StoreNavPages.PayButton, "Pay Button", Context.GetStoreData().Id);
}

<h2 class="mt-1 mb-4">@ViewData["Title"]</h2>

<div class="row">
    <div class="col-md-10">
        <div class="alert alert-warning alert-dismissible mb-5" role="alert">
            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close">
                <vc:icon symbol="close" />
            </button>
            <p><strong>Warning:</strong> This feature should not be activated on a BTCPay Server store processing commercial transactions.</p>
            <p>By activating this feature, a malicious user can trick you into thinking an order has been processed by creating a new invoice, reusing the same Order Id of another valid order but different amount or currency.</p>
        </div>
        <p>
            To start using Pay Button, you need to enable this feature explicitly.
            Once you do so, anyone could create an invoice on your store (via API, for example).
        </p>
        <form method="post">
            @Html.Hidden("EnableStore", true)
            <button name="command" id="enable-pay-button" type="submit" value="save" class="btn btn-primary">
                Enable
            </button>
        </form>
    </div>
</div>
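The warning in this view describes a settled invoice that reuses a valid Order Id with a different amount or currency. The following merchant-side check is an added example, not code from BTCPay Server: it only marks an order as paid when the invoice is the one the merchant issued and its amount and currency match. The field names (`id`, `orderId`, `amount`, `currency`, `status`), the `should_fulfil` helper and the sample records are assumptions constructed for illustration, not the project's API schema.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample: what the merchant recorded when it created the order's invoice.
EXPECTED_ORDERS = {
    "ORDER-1001": {"invoice_id": "inv_A", "amount": Decimal("250.00"), "currency": "USD"},
}

# Constructed sample notifications (hypothetical, simplified field names).
LEGIT = {"id": "inv_A", "orderId": "ORDER-1001", "amount": "250.00",
         "currency": "USD", "status": "Settled"}
REUSED = {"id": "inv_B", "orderId": "ORDER-1001", "amount": "1.00",
          "currency": "USD", "status": "Settled"}


def should_fulfil(invoice: dict, expected_orders: dict = EXPECTED_ORDERS) -> tuple[bool, str]:
    """Decide whether a settled-invoice notification may mark an order as paid."""
    expected = expected_orders.get(invoice.get("orderId"))
    if expected is None:
        return False, "unknown order id"
    if invoice.get("status") != "Settled":
        return False, "invoice not settled"
    # With the pay button enabled anyone can create an invoice carrying any
    # order id, so the order id alone proves nothing: require the invoice id
    # the merchant stored when it created the order.
    if invoice.get("id") != expected["invoice_id"]:
        return False, "invoice was not created for this order"
    if invoice.get("currency") != expected["currency"]:
        return False, "currency mismatch"
    try:
        amount = Decimal(str(invoice.get("amount")))
    except InvalidOperation:
        return False, "unparseable amount"
    # Reject NaN/Infinity as well as any amount other than the recorded one.
    if not amount.is_finite() or amount != expected["amount"]:
        return False, "amount mismatch"
    return True, "ok"


if __name__ == "__main__":
    for name, inv in (("legit", LEGIT), ("reused order id", REUSED)):
        print(name, should_fulfil(inv))
```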