aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-17 22:14:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

ReferrerPolicy

Browse Source
This commit is contained in:
nicolas.dorier
2018-07-12 02:38:08 +09:00
parent 5dd57c8064
commit 10ceddc709
3 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
BTCPayServer/Controllers/InvoiceController.UI.cs
View File

@@ -175,6 +175,7 @@ namespace BTCPayServer.Controllers
[Route("invoice")] [Route("invoice")]
[AcceptMediaTypeConstraint("application/bitcoin-paymentrequest", false)] [AcceptMediaTypeConstraint("application/bitcoin-paymentrequest", false)]
[XFrameOptionsAttribute(null)] [XFrameOptionsAttribute(null)]
[ReferrerPolicyAttribute("origin")]
public async Task<IActionResult> Checkout(string invoiceId, string id = null, string paymentMethodId = null) public async Task<IActionResult> Checkout(string invoiceId, string id = null, string paymentMethodId = null)
{ {
//Keep compatibility with Bitpay //Keep compatibility with Bitpay

34
BTCPayServer/Filters/ReferrerPolicyAttribute.cs Normal file
View File

@@ -0,0 +1,34 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc.Filters;
namespace BTCPayServer.Filters
{
public interface IReferrerPolicy : IFilterMetadata { }
public class ReferrerPolicyAttribute : Attribute, IActionFilter
{
public ReferrerPolicyAttribute(string value)
{
Value = value;
}
public string Value { get; set; }
public void OnActionExecuted(ActionExecutedContext context)
{
}
public void OnActionExecuting(ActionExecutingContext context)
{
if (context.IsEffectivePolicy<ReferrerPolicyAttribute>(this))
{
var existing = context.HttpContext.Response.Headers["Referrer-Policy"].FirstOrDefault();
if (existing != null && Value == null)
context.HttpContext.Response.Headers.Remove("Referrer-Policy");
else
context.HttpContext.Response.Headers["Referrer-Policy"] = Value;
}
}
}
}

1
BTCPayServer/Hosting/Startup.cs
View File

@@ -81,6 +81,7 @@ namespace BTCPayServer.Hosting
o.Filters.Add(new XFrameOptionsAttribute("DENY")); o.Filters.Add(new XFrameOptionsAttribute("DENY"));
o.Filters.Add(new XContentTypeOptionsAttribute("nosniff")); o.Filters.Add(new XContentTypeOptionsAttribute("nosniff"));
o.Filters.Add(new XXSSProtectionAttribute()); o.Filters.Add(new XXSSProtectionAttribute());
o.Filters.Add(new ReferrerPolicyAttribute("same-origin"));
}); });
services.Configure<IdentityOptions>(options => services.Configure<IdentityOptions>(options =>