From 24c19efd52811656337e93cea66fb04d0e11e4da Mon Sep 17 00:00:00 2001
From: Dennis Reimann
Date: Tue, 31 Jan 2023 22:13:45 +0100
Subject: [PATCH] Crowdfund: Add CSP rules for Disqus

Fixes #4572.
---
 .../Views/Shared/Crowdfund/Public/ViewCrowdfund.cshtml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/BTCPayServer/Views/Shared/Crowdfund/Public/ViewCrowdfund.cshtml b/BTCPayServer/Views/Shared/Crowdfund/Public/ViewCrowdfund.cshtml
index b429318f7..172653ea5 100644
--- a/BTCPayServer/Views/Shared/Crowdfund/Public/ViewCrowdfund.cshtml
+++ b/BTCPayServer/Views/Shared/Crowdfund/Public/ViewCrowdfund.cshtml
@@ -1,9 +1,15 @@
 @model BTCPayServer.Plugins.Crowdfund.Models.ViewCrowdfundViewModel
 @using BTCPayServer.Plugins.Crowdfund.Models
 @inject BTCPayServer.Services.BTCPayServerEnvironment Env
+@inject BTCPayServer.Security.ContentSecurityPolicies Csp
 @{
 ViewData["Title"] = Model.Title;
 Layout = null;
+ if (!string.IsNullOrEmpty(Model.DisqusShortname))
+ {
+ Csp.Add("script-src", $"https://{Model.DisqusShortname}.disqus.com");
+ Csp.Add("script-src", "https://c.disquscdn.com");
+ }
 }
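Review bot: `Model.DisqusShortname` is interpolated into the `script-src` source expression after only an emptiness check, so whatever value was stored for the crowdfund becomes part of the Content-Security-Policy. Unless `Csp.Add` or the settings form already restricts the value (neither is visible in this hunk), a shortname containing whitespace, `;`, `/` or `.` would change which origins the policy allows instead of naming a Disqus subdomain. I would gate the block on a strict allow-list, e.g. `if (!string.IsNullOrEmpty(Model.DisqusShortname) && System.Text.RegularExpressions.Regex.IsMatch(Model.DisqusShortname, @"^[A-Za-z0-9-]+\z"))`, assuming Disqus shortnames are limited to letters, digits and hyphens, and apply the same check where the setting is saved. The markup that renders the Disqus embed is outside the hunk, so whether the shortname is also encoded there cannot be checked from here.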