mirror of
https://github.com/aljazceru/btcpayserver.git
synced 2025-12-18 22:44:29 +01:00
* Enable better error when invoice cannot be created on crowdfund Closes #572 * Allow all public apps in iframe * cleanup pos page dev info
using Microsoft.AspNetCore.Mvc.Filters;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace BTCPayServer.Filters
{
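/// <summary>
/// Action filter that sets the <c>X-Frame-Options</c> response header, which tells
/// browsers whether the page may be rendered inside a frame (clickjacking defence).
/// </summary>
/// <remarks>
/// Only <c>deny</c> and <c>sameorigin</c> are directives that current browsers enforce.
/// <c>allow-from</c> is obsolete and ignored by modern browsers, and <c>allow-all</c> is
/// not a defined directive at all; in both cases the practical effect is that framing is
/// not restricted by this header. Where framing must be limited to specific origins, a
/// <c>Content-Security-Policy: frame-ancestors</c> policy is the supported mechanism.
/// </remarks>
public class XFrameOptionsAttribute : Attribute, IActionFilter
{
    /// <summary>
    /// Uses <paramref name="value"/> verbatim as the header value; no validation is applied.
    /// </summary>
    /// <param name="value">Raw <c>X-Frame-Options</c> header value.</param>
    public XFrameOptionsAttribute(string value)
    {
        Value = value;
    }

    /// <summary>
    /// Builds the header value from a <see cref="XFrameOptions"/> member.
    /// </summary>
    /// <param name="type">The framing policy to emit.</param>
    /// <param name="allowFrom">
    /// Origin appended after <c>allow-from</c>; required when <paramref name="type"/> is
    /// <see cref="XFrameOptions.AllowFrom"/>, unused otherwise.
    /// </param>
    /// <exception cref="ArgumentException">
    /// <paramref name="type"/> is <see cref="XFrameOptions.AllowFrom"/> and
    /// <paramref name="allowFrom"/> is null, empty or whitespace.
    /// </exception>
    /// <exception cref="ArgumentOutOfRangeException">
    /// <paramref name="type"/> is not a defined <see cref="XFrameOptions"/> member.
    /// </exception>
    public XFrameOptionsAttribute(XFrameOptions type, string allowFrom = null)
    {
        switch (type)
        {
            case XFrameOptions.Deny:
                Value = "deny";
                break;
            case XFrameOptions.SameOrigin:
                // Previously emitted "deny", which also blocked same-origin framing.
                Value = "sameorigin";
                break;
            case XFrameOptions.AllowFrom:
                // Without an origin the header would be "allow-from ", an invalid value that
                // browsers discard, silently leaving the page frameable by anyone. Fail loudly.
                if (string.IsNullOrWhiteSpace(allowFrom))
                {
                    throw new ArgumentException(
                        "An origin is required when using XFrameOptions.AllowFrom.",
                        nameof(allowFrom));
                }

                // NOTE(review): allow-from is obsolete; modern browsers ignore it, so this
                // provides no framing restriction there. Prefer CSP frame-ancestors.
                Value = $"allow-from {allowFrom}";
                break;
            case XFrameOptions.AllowAll:
                // Not a standard directive: browsers are expected to ignore the unknown value,
                // so the action is frameable from any origin. Use only on pages where
                // clickjacking is an accepted risk (e.g. intentionally embeddable public pages).
                Value = "allow-all";
                break;
            default:
                throw new ArgumentOutOfRangeException(nameof(type), type, null);
        }
    }

    /// <summary>Header value that will be sent as <c>X-Frame-Options</c>.</summary>
    public string Value { get; set; }

    /// <summary>No work is done after the action runs.</summary>
    public void OnActionExecuted(ActionExecutedContext context)
    {
    }

    /// <summary>
    /// Registers the <c>X-Frame-Options</c> header for the response, but only when this
    /// instance is the effective (most specific) <see cref="XFrameOptionsAttribute"/> for the
    /// action, so that a more specific attribute overrides a broader one instead of both
    /// writing the header.
    /// </summary>
    public void OnActionExecuting(ActionExecutingContext context)
    {
        if (context.IsEffectivePolicy<XFrameOptionsAttribute>(this))
        {
            // SetHeaderOnStarting is a project helper not shown here; presumably it defers
            // writing the header until the response starts — confirm against its definition.
            context.HttpContext.Response.SetHeaderOnStarting("X-Frame-Options", Value);
        }
    }

    /// <summary>Framing policies that can be selected through the enum-based constructor.</summary>
    public enum XFrameOptions
    {
        /// <summary>Emit <c>deny</c>: the page may not be framed.</summary>
        Deny,

        /// <summary>Emit <c>sameorigin</c>: only same-origin pages may frame it.</summary>
        SameOrigin,

        /// <summary>Emit <c>allow-from ORIGIN</c> (obsolete; ignored by modern browsers).</summary>
        AllowFrom,

        /// <summary>Emit the non-standard value <c>allow-all</c>; framing is not restricted.</summary>
        AllowAll
    }
}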
}