From dffa6accb04df7b80bc584dedef22c9297292ce6 Mon Sep 17 00:00:00 2001
From: Nicolas Dorier
Date: Mon, 13 Feb 2023 23:04:15 +0900
Subject: [PATCH] Fix XSS: Stenghten CSP rules on static file uploads (#4629)
---
 BTCPayServer/Storage/StorageExtensions.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BTCPayServer/Storage/StorageExtensions.cs b/BTCPayServer/Storage/StorageExtensions.cs
index cb91b93c2d..be3259fda0 100644
--- a/BTCPayServer/Storage/StorageExtensions.cs
+++ b/BTCPayServer/Storage/StorageExtensions.cs
@@ -75,7 +75,7 @@ private static Action HandleStaticFileResponse()
 {
 context.Context.Response.Headers["Content-Disposition"] = "attachment";
 }
-context.Context.Response.Headers["Content-Security-Policy"] = "script-src 'self'";
+context.Context.Response.Headers["Content-Security-Policy"] = "script-src ;";
 };
 }
 }
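Review bot: The new value `"script-src ;"` relies on the CSP rule that an empty source list matches nothing, which is correct but reads like a typo and only restricts script execution; an uploaded file served inline can still load objects, frames, styles or submit forms. Spell the intent out and cover the other fetch directives with a single line, `context.Context.Response.Headers["Content-Security-Policy"] = "default-src 'none'";`, optionally adding the `sandbox` directive so an inline document is also treated as an opaque origin. Pairing this with `X-Content-Type-Options: nosniff` would prevent browsers from reinterpreting an uploaded file as HTML or script, if that header is not already set elsewhere. The condition guarding the `Content-Disposition: attachment` branch and the rest of HandleStaticFileResponse lie outside the hunk, so whether every inline-served type reaches this header could not be confirmed here.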