aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-24 01:14:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix XSS: Stenghten CSP rules on static file uploads (#4629)

Browse Source
This commit is contained in:
Nicolas Dorier
2023-02-13 23:04:15 +09:00
committed by GitHub
parent b5abcd5ae5
commit dffa6accb0
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
BTCPayServer/Storage/StorageExtensions.cs
View File

@@ -75,7 +75,7 @@ namespace BTCPayServer.Storage
{
context.Context.Response.Headers["Content-Disposition"] = "attachment";
}
context.Context.Response.Headers["Content-Security-Policy"] = "script-src 'self'";
context.Context.Response.Headers["Content-Security-Policy"] = "script-src ;";
};
}
}