github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-21 17:26:29 -05:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #485 from codimd/fix/dropbox

Browse source
This commit is contained in:
David Mehren 2020-09-02 20:17:57 +02:00 committed by GitHub
commit f862b7a1e4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/csp.js
View file

@ -32,6 +32,10 @@ var googleAnalyticsDirectives = {
scriptSrc: ['https://www.google-analytics.com']
}
var dropboxDirectives = {
scriptSrc: ['https://www.dropbox.com', '\'unsafe-inline\'']
}
CspStrategy.computeDirectives = function () {
var directives = {}
mergeDirectives(directives, config.csp.directives)
@ -39,6 +43,7 @@ CspStrategy.computeDirectives = function () {
mergeDirectivesIf(config.useCDN, directives, cdnDirectives)
mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives)
mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives)
mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
if (!areAllInlineScriptsAllowed(directives)) {
addInlineScriptExceptions(directives)
}

6
public/js/index.js
View file

@ -944,7 +944,8 @@ ui.toolbar.download.rawhtml.click(function (e) {
// pdf
ui.toolbar.download.pdf.attr('download', '').attr('href', noteurl + '/pdf')
// export to dropbox
ui.toolbar.export.dropbox.click(function () {
ui.toolbar.export.dropbox.click(function (event) {
event.preventDefault()
var filename = renderFilename(ui.area.markdown) + '.md'
var options = {
files: [
@ -996,7 +997,8 @@ ui.toolbar.export.snippet.click(function () {
})
})
// import from dropbox
ui.toolbar.import.dropbox.click(function () {
ui.toolbar.import.dropbox.click(function (event) {
event.preventDefault()
var options = {
success: function (files) {
ui.spinner.show()

15
test/csp.js
View file

@ -27,7 +27,10 @@ describe('Content security policies', function () {
upgradeInsecureRequests: 'auto',
reportURI: undefined
},
useCDN: true
useCDN: true,
dropbox: {
appKey: undefined
}
}
})
@ -78,6 +81,16 @@ describe('Content security policies', function () {
assert(!csp.computeDirectives().fontSrc.includes('https://*.disquscdn.com'))
})
it('Include dropbox if configured', function () {
let testconfig = defaultConfig
testconfig.dropbox.appKey = 'hedgedoc'
mock('../lib/config', testconfig)
csp = mock.reRequire('../lib/csp')
assert(csp.computeDirectives().scriptSrc.includes('https://www.dropbox.com'))
assert(csp.computeDirectives().scriptSrc.includes('\'unsafe-inline\''))
})
it('Set ReportURI', function () {
let testconfig = defaultConfig
testconfig.csp.reportURI = 'https://example.com/reportURI'