Make sure CORS is enabled on Bitpay's API

nicolas.dorier
2019-01-29 18:20:18 +09:00
parent 0c5b5ff49c
commit 4f4d05b8cd
4 changed files with 5 additions and 9 deletions


@@ -2,6 +2,7 @@
using BTCPayServer.Filters; using BTCPayServer.Filters;
using BTCPayServer.Models; using BTCPayServer.Models;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using NBitcoin.DataEncoders; using NBitcoin.DataEncoders;
using NBitpayClient; using NBitpayClient;
@@ -14,6 +15,7 @@ namespace BTCPayServer.Controllers
{ {
[Authorize(AuthenticationSchemes = Security.Policies.BitpayAuthentication)] [Authorize(AuthenticationSchemes = Security.Policies.BitpayAuthentication)]
[BitpayAPIConstraint(true)] [BitpayAPIConstraint(true)]
[EnableCors(CorsPolicies.All)]
public class AccessTokenController : Controller public class AccessTokenController : Controller
{ {
TokenRepository _TokenRepository; TokenRepository _TokenRepository;
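Review bot: The `[EnableCors(CorsPolicies.All)]` attribute added above `AccessTokenController` exposes an authenticated, token-handling controller to every origin, and nothing on this page shows what `CorsPolicies.All` permits or where it is registered. The `"BitpayAPI"` policy removed from the hosting code in this commit was `AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin()` without credentials; `CorsPolicies.All` is presumably equivalent, but that should be confirmed, because an any-origin policy stays safe only while it is never combined with `AllowCredentials()` and the API never authenticates through cookies. I would document that on the attribute, e.g. `// Any origin allowed: this API must authenticate per request (signature/token), never via cookies; keep CorsPolicies.All free of AllowCredentials()`. The same attribute is added to `InvoiceControllerAPI` and `RateController`, so the comment applies there too. The class body continues outside the hunk.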


@@ -12,8 +12,8 @@ using NBitpayClient;
namespace BTCPayServer.Controllers namespace BTCPayServer.Controllers
{ {
[EnableCors("BitpayAPI")]
[BitpayAPIConstraint] [BitpayAPIConstraint]
[EnableCors(CorsPolicies.All)]
[Authorize(Policies.CanCreateInvoice.Key, AuthenticationSchemes = Policies.BitpayAuthentication)] [Authorize(Policies.CanCreateInvoice.Key, AuthenticationSchemes = Policies.BitpayAuthentication)]
public class InvoiceControllerAPI : Controller public class InvoiceControllerAPI : Controller
{ {
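Review bot: The switch from `[EnableCors("BitpayAPI")]` to `[EnableCors(CorsPolicies.All)]` on `InvoiceControllerAPI` comes with the `"BitpayAPI"` policy registration being deleted from the hosting code in the same commit, so any remaining reference to the old policy name elsewhere in the project would no longer match a registered policy. No such reference is visible on this page, but a search for the literal `"BitpayAPI"` before merging would rule out a controller silently losing its CORS headers or failing at request time. As a style point, the attribute now sits between `[BitpayAPIConstraint]` and `[Authorize(...)]`, while the other two controllers place it last; keeping `[EnableCors(CorsPolicies.All)]` directly above the class declaration everywhere would make the pattern easier to audit.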


@@ -12,11 +12,13 @@ using BTCPayServer.Rating;
using Newtonsoft.Json; using Newtonsoft.Json;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using BTCPayServer.Authentication; using BTCPayServer.Authentication;
using Microsoft.AspNetCore.Cors;
namespace BTCPayServer.Controllers namespace BTCPayServer.Controllers
{ {
[Authorize(AuthenticationSchemes = Security.Policies.BitpayAuthentication)] [Authorize(AuthenticationSchemes = Security.Policies.BitpayAuthentication)]
[AllowAnonymous] [AllowAnonymous]
[EnableCors(CorsPolicies.All)]
public class RateController : Controller public class RateController : Controller
{ {
RateFetcher _RateProviderFactory; RateFetcher _RateProviderFactory;


@@ -92,14 +92,6 @@ namespace BTCPayServer.Hosting
options.Lockout.MaxFailedAccessAttempts = 5; options.Lockout.MaxFailedAccessAttempts = 5;
options.Lockout.AllowedForNewUsers = true; options.Lockout.AllowedForNewUsers = true;
}); });
services.AddCors(o =>
{
o.AddPolicy("BitpayAPI", b =>
{
b.AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin();
});
});
// If the HTTPS certificate path is not set this logic will NOT be used and the default Kestrel binding logic will be. // If the HTTPS certificate path is not set this logic will NOT be used and the default Kestrel binding logic will be.
string httpsCertificateFilePath = Configuration.GetOrDefault<string>("HttpsCertificateFilePath", null); string httpsCertificateFilePath = Configuration.GetOrDefault<string>("HttpsCertificateFilePath", null);
bool useDefaultCertificate = Configuration.GetOrDefault<bool>("HttpsUseDefaultCertificate", false); bool useDefaultCertificate = Configuration.GetOrDefault<bool>("HttpsUseDefaultCertificate", false);