Merge pull request #485 from codimd/fix/dropbox

2024-11-25 11:16:31 -05:00 · 2020-09-02 20:17:57 +02:00 · 2020-09-02 20:17:57 +02:00 · f862b7a1e4
commit f862b7a1e4
parent b174f3c574 c2c28d3aeb
3 changed files with 23 additions and 3 deletions
--- a/lib/csp.js
+++ b/lib/csp.js
@ -32,6 +32,10 @@ var googleAnalyticsDirectives = {
  scriptSrc: ['https://www.google-analytics.com']
 }
 var dropboxDirectives = {
  scriptSrc: ['https://www.dropbox.com', '\'unsafe-inline\'']
 }
 CspStrategy.computeDirectives = function () {
  var directives = {}
  mergeDirectives(directives, config.csp.directives)
@ -39,6 +43,7 @@ CspStrategy.computeDirectives = function () {
  mergeDirectivesIf(config.useCDN, directives, cdnDirectives)
  mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives)
  mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives)
  mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
  if (!areAllInlineScriptsAllowed(directives)) {
    addInlineScriptExceptions(directives)
  }
--- a/public/js/index.js
+++ b/public/js/index.js
@ -944,7 +944,8 @@ ui.toolbar.download.rawhtml.click(function (e) {
 // pdf
 ui.toolbar.download.pdf.attr('download', '').attr('href', noteurl + '/pdf')
 // export to dropbox
-ui.toolbar.export.dropbox.click(function () {
+ui.toolbar.export.dropbox.click(function (event) {
  event.preventDefault()
  var filename = renderFilename(ui.area.markdown) + '.md'
  var options = {
    files: [
@ -996,7 +997,8 @@ ui.toolbar.export.snippet.click(function () {
    })
 })
 // import from dropbox
-ui.toolbar.import.dropbox.click(function () {
+ui.toolbar.import.dropbox.click(function (event) {
  event.preventDefault()
  var options = {
    success: function (files) {
      ui.spinner.show()
--- a/test/csp.js
+++ b/test/csp.js
@ -27,7 +27,10 @@ describe('Content security policies', function () {
        upgradeInsecureRequests: 'auto',
        reportURI: undefined
      },
-      useCDN: true
+      useCDN: true,
      dropbox: {
        appKey: undefined
      }
    }
  })
@ -78,6 +81,16 @@ describe('Content security policies', function () {
    assert(!csp.computeDirectives().fontSrc.includes('https://*.disquscdn.com'))
  })
  it('Include dropbox if configured', function () {
    let testconfig = defaultConfig
    testconfig.dropbox.appKey = 'hedgedoc'
    mock('../lib/config', testconfig)
    csp = mock.reRequire('../lib/csp')
    assert(csp.computeDirectives().scriptSrc.includes('https://www.dropbox.com'))
    assert(csp.computeDirectives().scriptSrc.includes('\'unsafe-inline\''))
  })
  it('Set ReportURI', function () {
    let testconfig = defaultConfig
    testconfig.csp.reportURI = 'https://example.com/reportURI'