spouliot/PowderCoatingLogix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix QR label modal: allow self in frame-src CSP, fix Bootstrap API call

Browse Source 
frame-src was missing 'self' so the Label iframe was blocked by CSP.
bootstrap.Modal.getOrCreate does not exist; correct method is getOrCreateInstance.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Pouliot
2026-05-23 09:59:14 -04:00
parent d77b3778ac
commit b9cd693421
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/PowderCoating.Web/Program.cs
+1 -1
View File
@@ -699,7 +699,7 @@ app.Use(async (context, next) =>
"font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; " + "font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; " +
"img-src 'self' data: https:; " + "img-src 'self' data: https:; " +
$"connect-src {cspConnectSrc}; " + $"connect-src {cspConnectSrc}; " +
"frame-src https://js.stripe.com https://hooks.stripe.com"); "frame-src 'self' https://js.stripe.com https://hooks.stripe.com");
// Referrer Policy - control referrer information // Referrer Policy - control referrer information
context.Response.Headers.Append("Referrer-Policy", "strict-origin-when-cross-origin"); context.Response.Headers.Append("Referrer-Policy", "strict-origin-when-cross-origin");
src/PowderCoating.Web/Views/Inventory/Index.cshtml
+1 -1
View File
@@ -519,7 +519,7 @@
e.stopPropagation(); e.stopPropagation();
const frame = document.getElementById('qrLabelFrame'); const frame = document.getElementById('qrLabelFrame');
frame.src = '@Url.Action("Label", "Inventory")/' + itemId + '?embed=true'; frame.src = '@Url.Action("Label", "Inventory")/' + itemId + '?embed=true';
bootstrap.Modal.getOrCreate(document.getElementById('qrLabelModal')).show(); bootstrap.Modal.getOrCreateInstance(document.getElementById('qrLabelModal')).show();
} }
// Make table rows clickable // Make table rows clickable