11 Commits

Author SHA1 Message Date
nicolas.dorier
fdc47e4a38 Avoid crash when some plugins are installed (#4725) 2023-03-03 20:18:09 +09:00
d11n
23761eacc1 Unset X-Frame-Options header correctly (#4721)
* Unset X-Frame-Options header correctly

According to the [spec](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) there are only the `DENY` and `SAMEORIGIN` options, `ALLOW-FROM` being deprecated. Hence we have to actively unset the header, as we made `DENY` the default.

This also unsets the X-Frame-Options header for the public form pages, which fixes #4666.

* Ignore anti forgery token in Forms

---------

Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
2023-03-01 15:27:18 +09:00
rockstardev
f88c02cccd Removing unused usings, readonly fields where possible 2020-06-28 22:07:48 -05:00
rockstardev
b6c7af32de Cleaning up bom from cs files 2020-06-28 21:44:35 -05:00
nicolas.dorier
51514252b6 Run dotnet format 2020-06-28 17:55:27 +09:00
Andrew Camilleri
51a5d2e812 Refactor XFrames Attribute & simplify pos settings page (#576)
* Enable better error when invoice cannot be created on crowdfund

Closes #572

* Allow all public apps in iframe

* cleanup pos page dev info
2019-01-31 16:56:21 +09:00
nicolas.dorier
6eeef8a866 Remove XFrame on the checkout page 2018-08-29 00:31:23 +09:00
nicolas.dorier
976d9d0cda Add CSP (Disable it if custom theming) 2018-07-12 17:38:21 +09:00
nicolas.dorier
5dd57c8064 X-XSS-Protection 2018-07-12 02:23:54 +09:00
nicolas.dorier
4deb7c3270 Adopt dotnet core editorconfig, big reformatting 2017-10-27 17:53:04 +09:00
nicolas.dorier
27200d1fb0 X-Frame-Options 2017-10-13 17:13:21 +09:00