App: Allow receipt to be shown in iframe (#6574)

Also detects if the checkout page is shown within an iframe and hides the back to store link in that case.
2025-12-17 22:14:26 +01:00 · 2025-01-21 15:50:27 +01:00
parent 97173c9811
commit 20e8db7307
4 changed files with 12 additions and 2 deletions
--- a/BTCPayServer/Controllers/UIInvoiceController.UI.cs
+++ b/BTCPayServer/Controllers/UIInvoiceController.UI.cs
@@ -188,6 +188,7 @@ namespace BTCPayServer.Controllers
            return View(model);
        }

+        [XFrameOptions(null)]
        [HttpGet("i/{invoiceId}/receipt")]
        public async Task<IActionResult> InvoiceReceipt(string invoiceId, [FromQuery] bool print = false)
        {
--- a/BTCPayServer/Views/Shared/LayoutHeadTheme.cshtml
+++ b/BTCPayServer/Views/Shared/LayoutHeadTheme.cshtml
@@ -2,7 +2,10 @@
@inject ThemeSettings Theme
@inject UriResolver UriResolver

-<script>if (window.localStorage.getItem('btcpay-hide-sensitive-info') === 'true') { document.documentElement.setAttribute('data-hide-sensitive-info', 'true')}</script>
+<script>
+    if (window.localStorage.getItem('btcpay-hide-sensitive-info') === 'true') { document.documentElement.setAttribute('data-hide-sensitive-info', 'true')}
+    if (window.location !== window.parent.location) { document.documentElement.setAttribute('data-within-iframe', 'true')}
+</script>
@if (Theme.CustomTheme && Theme.CustomThemeCssUrl is not null)
 {   // new customization uses theme file id provided by upload
    @if (Theme.CustomThemeExtension != ThemeExtension.Custom)
--- a/BTCPayServer/Views/UIInvoice/InvoiceReceipt.cshtml
+++ b/BTCPayServer/Views/UIInvoice/InvoiceReceipt.cshtml
@@ -175,7 +175,7 @@
                }
                @if (!string.IsNullOrEmpty(Model.RedirectUrl))
                {
-                    <a href="@Model.RedirectUrl" class="btn btn-secondary rounded-pill mx-auto mt-3" rel="noreferrer noopener" target="_blank">Return to @(string.IsNullOrEmpty(Model.StoreName) ? "store" : Model.StoreName)</a>
+                    <a href="@Model.RedirectUrl" class="btn btn-secondary rounded-pill mx-auto mt-3" rel="noreferrer noopener" target="_blank" id="StoreLink">Return to @(string.IsNullOrEmpty(Model.StoreName) ? "store" : Model.StoreName)</a>
                }
            </div>
        </main>
--- a/BTCPayServer/wwwroot/main/site.css
+++ b/BTCPayServer/wwwroot/main/site.css
@@ -27,6 +27,12 @@
    visibility: hidden;
 }

+/* Iframe context */
+[data-within-iframe] #StoreLink,
+[data-within-iframe] .store-footer {
+    display: none;
+}
+
 /* Form validation messages should match alert styles */
 .validation-summary-errors {
    padding: .75rem 1rem;