diff options
author | Erik Michelson | 2020-08-23 01:11:31 +0200 |
---|---|---|
committer | Erik Michelson | 2020-08-23 01:11:31 +0200 |
commit | d9adf598d8c1d41efab495d55404f24fa5c7cbe1 (patch) | |
tree | 3d89a6c967cde24a7d5b89190ca239621e6c96a8 | |
parent | 23d54b8b4b3a9587220c9211d2a92c22609a4de8 (diff) |
Add dropbox CSP directive if configured and make button clickable
The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable.
Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Diffstat (limited to '')
-rw-r--r-- | lib/csp.js | 5 | ||||
-rw-r--r-- | public/js/index.js | 3 |
2 files changed, 7 insertions, 1 deletions
@@ -32,6 +32,10 @@ var googleAnalyticsDirectives = { scriptSrc: ['https://www.google-analytics.com'] } +var dropboxDirectives = { + scriptSrc: ['https://www.dropbox.com'] +} + CspStrategy.computeDirectives = function () { var directives = {} mergeDirectives(directives, config.csp.directives) @@ -39,6 +43,7 @@ CspStrategy.computeDirectives = function () { mergeDirectivesIf(config.useCDN, directives, cdnDirectives) mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives) mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives) + mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives) if (!areAllInlineScriptsAllowed(directives)) { addInlineScriptExceptions(directives) } diff --git a/public/js/index.js b/public/js/index.js index ad20ffff..02e66490 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -996,7 +996,8 @@ ui.toolbar.export.snippet.click(function () { }) }) // import from dropbox -ui.toolbar.import.dropbox.click(function () { +ui.toolbar.import.dropbox.click(function (event) { + event.preventDefault() var options = { success: function (files) { ui.spinner.show() |