summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorErik Michelson2020-08-23 01:11:31 +0200
committerErik Michelson2020-08-23 01:11:31 +0200
commitd9adf598d8c1d41efab495d55404f24fa5c7cbe1 (patch)
tree3d89a6c967cde24a7d5b89190ca239621e6c96a8
parent23d54b8b4b3a9587220c9211d2a92c22609a4de8 (diff)
Add dropbox CSP directive if configured and make button clickable
The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable. Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
-rw-r--r--lib/csp.js5
-rw-r--r--public/js/index.js3
2 files changed, 7 insertions, 1 deletions
diff --git a/lib/csp.js b/lib/csp.js
index fe8bea01..5c9c7b3d 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -32,6 +32,10 @@ var googleAnalyticsDirectives = {
scriptSrc: ['https://www.google-analytics.com']
}
+var dropboxDirectives = {
+ scriptSrc: ['https://www.dropbox.com']
+}
+
CspStrategy.computeDirectives = function () {
var directives = {}
mergeDirectives(directives, config.csp.directives)
@@ -39,6 +43,7 @@ CspStrategy.computeDirectives = function () {
mergeDirectivesIf(config.useCDN, directives, cdnDirectives)
mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives)
mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives)
+ mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
if (!areAllInlineScriptsAllowed(directives)) {
addInlineScriptExceptions(directives)
}
diff --git a/public/js/index.js b/public/js/index.js
index ad20ffff..02e66490 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -996,7 +996,8 @@ ui.toolbar.export.snippet.click(function () {
})
})
// import from dropbox
-ui.toolbar.import.dropbox.click(function () {
+ui.toolbar.import.dropbox.click(function (event) {
+ event.preventDefault()
var options = {
success: function (files) {
ui.spinner.show()