diff options
-rw-r--r-- | README.md | 10 | ||||
-rw-r--r-- | lib/csp.js | 5 | ||||
-rw-r--r-- | public/js/index.js | 6 | ||||
-rw-r--r-- | test/csp.js | 15 |
4 files changed, 33 insertions, 3 deletions
@@ -66,6 +66,16 @@ To use CodiMD, your browser should match or exceed these versions: - ![Opera](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/opera/opera_24x24.png) Opera >= 34, ![Opera Mini](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/opera-mini/opera-mini_24x24.png) Opera Mini not supported - ![Android Browser](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/android-webview-beta/android-webview-beta_24x24.png) Android Browser >= 4.4 +## Backup/restore your instance + +To backup codimd, you should: + +- backup your database +- backup your custom config file if you have one +- backup the upload folder (see the [uploadsPath](./docs/configuration.md#codimd-paths-stuff) config directive) + +Restoring an existing instance of codimd is then just a matter of restoring these elements. + ## Related Tools Our community has created related tools, we'd like to highlight [codimd-cli](https://github.com/codimd/cli) @@ -32,6 +32,10 @@ var googleAnalyticsDirectives = { scriptSrc: ['https://www.google-analytics.com'] } +var dropboxDirectives = { + scriptSrc: ['https://www.dropbox.com', '\'unsafe-inline\''] +} + CspStrategy.computeDirectives = function () { var directives = {} mergeDirectives(directives, config.csp.directives) @@ -39,6 +43,7 @@ CspStrategy.computeDirectives = function () { mergeDirectivesIf(config.useCDN, directives, cdnDirectives) mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives) mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives) + mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives) if (!areAllInlineScriptsAllowed(directives)) { addInlineScriptExceptions(directives) } diff --git a/public/js/index.js b/public/js/index.js index 36f396fa..9946e6fd 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -944,7 +944,8 @@ ui.toolbar.download.rawhtml.click(function (e) { // pdf ui.toolbar.download.pdf.attr('download', '').attr('href', noteurl + '/pdf') // export to dropbox -ui.toolbar.export.dropbox.click(function () { +ui.toolbar.export.dropbox.click(function (event) { + event.preventDefault() var filename = renderFilename(ui.area.markdown) + '.md' var options = { files: [ @@ -996,7 +997,8 @@ ui.toolbar.export.snippet.click(function () { }) }) // import from dropbox -ui.toolbar.import.dropbox.click(function () { +ui.toolbar.import.dropbox.click(function (event) { + event.preventDefault() var options = { success: function (files) { ui.spinner.show() diff --git a/test/csp.js b/test/csp.js index 8cf24b9a..d081cef0 100644 --- a/test/csp.js +++ b/test/csp.js @@ -27,7 +27,10 @@ describe('Content security policies', function () { upgradeInsecureRequests: 'auto', reportURI: undefined }, - useCDN: true + useCDN: true, + dropbox: { + appKey: undefined + } } }) @@ -78,6 +81,16 @@ describe('Content security policies', function () { assert(!csp.computeDirectives().fontSrc.includes('https://*.disquscdn.com')) }) + it('Include dropbox if configured', function () { + let testconfig = defaultConfig + testconfig.dropbox.appKey = 'hedgedoc' + mock('../lib/config', testconfig) + csp = mock.reRequire('../lib/csp') + + assert(csp.computeDirectives().scriptSrc.includes('https://www.dropbox.com')) + assert(csp.computeDirectives().scriptSrc.includes('\'unsafe-inline\'')) + }) + it('Set ReportURI', function () { let testconfig = defaultConfig testconfig.csp.reportURI = 'https://example.com/reportURI' |