diff --git a/BTCPayServer/BTCPayServer.csproj b/BTCPayServer/BTCPayServer.csproj index 669b425bc..138963594 100644 --- a/BTCPayServer/BTCPayServer.csproj +++ b/BTCPayServer/BTCPayServer.csproj @@ -2,7 +2,7 @@ Exe netcoreapp2.1 - 1.0.2.26 + 1.0.2.27 NU1701,CA1816,CA1308,CA1810,CA2208 diff --git a/BTCPayServer/Controllers/AppsController.PointOfSale.cs b/BTCPayServer/Controllers/AppsController.PointOfSale.cs index bb8b100bf..83687823f 100644 --- a/BTCPayServer/Controllers/AppsController.PointOfSale.cs +++ b/BTCPayServer/Controllers/AppsController.PointOfSale.cs @@ -254,7 +254,8 @@ namespace BTCPayServer.Controllers BuyerEmail = email, OrderId = orderId, NotificationURL = notificationUrl, - RedirectURL = redirectUrl + RedirectURL = redirectUrl, + FullNotifications = true }, store, HttpContext.Request.GetAbsoluteRoot()); return Redirect(invoice.Data.Url); } diff --git a/BTCPayServer/Views/Apps/UpdatePointOfSale.cshtml b/BTCPayServer/Views/Apps/UpdatePointOfSale.cshtml index eafe1d8ed..3c2f82cc8 100644 --- a/BTCPayServer/Views/Apps/UpdatePointOfSale.cshtml +++ b/BTCPayServer/Views/Apps/UpdatePointOfSale.cshtml @@ -51,7 +51,7 @@ For a specific item of your template 
@Model.Example2
} -

A POST callback will be sent to notification with the following form will be sent to notificationUrl:

+

A POST callback will be sent to notification with the following form will be sent to notificationUrl once the enough is paid and once again once there is enough confirmations to the payment:

@Model.ExampleCallback

Never trust anything but id, ignore the other fields completely, an attacker can spoof those, they are present only for backward compatibility reason: