aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-19 06:54:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Harden file type inputs (#4635)

Browse Source
This commit is contained in:
Nicolas Dorier
2023-02-14 17:03:12 +09:00
committed by GitHub
parent 7ad91a76cd
commit fea27b900c
7 changed files with 252 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
BTCPayServer/Storage/StorageExtensions.cs
View File

@@ -76,6 +76,7 @@ namespace BTCPayServer.Storage
context.Context.Response.Headers["Content-Disposition"] = "attachment";
}
context.Context.Response.Headers["Content-Security-Policy"] = "script-src ;";
context.Context.Response.Headers["X-Content-Type-Options"] = "nosniff";
};
}
}