LailaTheElf/hedgedoc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add dropbox CSP directive if configured and make button clickable

Browse Source 
The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable.
Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2020-08-23 01:11:31 +02:00
parent 23d54b8b4b
commit d9adf598d8
No known key found for this signature in database
GPG Key ID: DB99ADDDC5C0AF82
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/csp.js
View File

@ -32,6 +32,10 @@ var googleAnalyticsDirectives = {
scriptSrc: ['https://www.google-analytics.com']
}
var dropboxDirectives = {
scriptSrc: ['https://www.dropbox.com']
}
CspStrategy.computeDirectives = function () {
var directives = {}
mergeDirectives(directives, config.csp.directives)
@ -39,6 +43,7 @@ CspStrategy.computeDirectives = function () {
mergeDirectivesIf(config.useCDN, directives, cdnDirectives)
mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives)
mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives)
mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
if (!areAllInlineScriptsAllowed(directives)) {
addInlineScriptExceptions(directives)
}

3
public/js/index.js
View File

@ -996,7 +996,8 @@ ui.toolbar.export.snippet.click(function () {
})
})
// import from dropbox
ui.toolbar.import.dropbox.click(function () {
ui.toolbar.import.dropbox.click(function (event) {
event.preventDefault()
var options = {
success: function (files) {
ui.spinner.show()