diff --git a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeServerVariables.cs b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeServerVariables.cs
index 0a8606f01f..1e2e986413 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeServerVariables.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeServerVariables.cs
@@ -210,7 +210,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
 },
 {
 "iconApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
- controller => controller.GetIcon("")!)
+ controller => controller.GetIcon(string.Empty))
 },
 {
 "imagesApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
@@ -266,7 +266,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
 },
 {
 "memberApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
- controller => controller.GetByKey(Guid.Empty)!)
+ controller => controller.GetByKey(Guid.Empty))
 },
 {
 "packageApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
@@ -274,7 +274,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
 },
 {
 "relationApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
- controller => controller.GetById(0)!)
+ controller => controller.GetById(0))
 },
 {
 "rteApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
@@ -358,7 +358,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
 },
 {
 "languageApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
- controller => controller.GetAllLanguages()!)
+ controller => controller.GetAllLanguages())
 },
 {
 "relationTypeApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
@@ -378,7 +378,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
 },
 {
 "imageUrlGeneratorApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
- controller => controller.GetCropUrl(string.Empty, null, null, null)!)
+ controller => controller.GetCropUrl(string.Empty, null, null, null))
 },
 {
 "elementTypeApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
diff --git a/src/Umbraco.Web.BackOffice/Controllers/DashboardController.cs b/src/Umbraco.Web.BackOffice/Controllers/DashboardController.cs
index 8599adaedc..44b4551eda 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/DashboardController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/DashboardController.cs
@@ -80,8 +80,13 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
 // TODO(V10) : change return type to Task> and consider removing baseUrl as parameter
 //we have baseurl as a param to make previewing easier, so we can test with a dev domain from client side
 [ValidateAngularAntiForgeryToken]
- public async Task GetRemoteDashboardContent(string section, string baseUrl = "https://dashboard.umbraco.com/")
+ public async Task GetRemoteDashboardContent(string section, string? baseUrl)
 {
+ if (baseUrl is null)
+ {
+ baseUrl = "https://dashboard.umbraco.com/";
+ }
+
 var user = _backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser;
 var allowedSections = string.Join(",", user?.AllowedSections ?? Array.Empty());
 var language = user?.Language;
@@ -141,8 +146,13 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
 }
 
 // TODO(V10) : consider removing baseUrl as parameter
- public async Task GetRemoteDashboardCss(string section, string baseUrl = "https://dashboard.umbraco.org/")
+ public async Task GetRemoteDashboardCss(string section, string? baseUrl)
 {
+ if (baseUrl is null)
+ {
+ baseUrl = "https://dashboard.umbraco.org/";
+ }
+
 if (!IsAllowedUrl(baseUrl))
 {
 _logger.LogError($"The following URL is not listed in the setting 'Umbraco:CMS:ContentDashboard:ContentDashboardUrlAllowlist' in configuration: {baseUrl}");
diff --git a/src/Umbraco.Web.Common/Extensions/LinkGeneratorExtensions.cs b/src/Umbraco.Web.Common/Extensions/LinkGeneratorExtensions.cs
index 71f1d5410a..627778eb2f 100644
--- a/src/Umbraco.Web.Common/Extensions/LinkGeneratorExtensions.cs
+++ b/src/Umbraco.Web.Common/Extensions/LinkGeneratorExtensions.cs
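Review bot: In DashboardController.GetRemoteDashboardContent the request-supplied `baseUrl` is only given a fallback in this hunk, and no `IsAllowedUrl(baseUrl)` check is visible before the method continues outside the hunk. Since the parameter appears to select the host the server fetches dashboard content from, confirm the allowlist check runs after the null fallback, as it visibly does in GetRemoteDashboardCss in the next hunk. The four-line fallback in both methods can be written as `baseUrl ??= "https://dashboard.umbraco.com/";` (with the `.org` value in the CSS method). The two fallbacks name different hosts (`dashboard.umbraco.com` here, `dashboard.umbraco.org` there), so if both are intended, both have to be covered by `ContentDashboardUrlAllowlist`; a pair of named constants would make that explicit.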
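Review bot: The rejection branch in DashboardController.GetRemoteDashboardCss writes the request-supplied `baseUrl` into the log message through string interpolation, so whatever the caller sent becomes part of the message text. Pass it as a structured argument instead, `_logger.LogError("The following URL is not listed in the setting 'Umbraco:CMS:ContentDashboard:ContentDashboardUrlAllowlist' in configuration: {BaseUrl}", baseUrl);`, which keeps the value as a separate field for log sinks and skips the formatting when the level is disabled. A URL that fails the allowlist is an expected bad input rather than a server fault, so `LogWarning` may be the better level. The method body continues outside the hunk.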
@@ -54,7 +54,7 @@ namespace Umbraco.Extensions public static string? GetUmbracoApiService(this LinkGenerator linkGenerator, string actionName, IDictionary? values) where T : UmbracoApiControllerBase => linkGenerator.GetUmbracoControllerUrl(actionName, typeof(T), values); - public static string? GetUmbracoApiServiceBaseUrl(this LinkGenerator linkGenerator, Expression> methodSelector) + public static string? GetUmbracoApiServiceBaseUrl(this LinkGenerator linkGenerator, Expression> methodSelector) where T : UmbracoApiControllerBase { var method = ExpressionHelper.GetMethodInfo(methodSelector);