4 files changed, 33 insertions, 3 deletions
diff --git a/README.md b/README.md
index dacdfe17..e02b9346 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,16 @@ To use CodiMD, your browser should match or exceed these versions:
 - ![Opera](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/opera/opera_24x24.png) Opera >= 34, ![Opera Mini](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/opera-mini/opera-mini_24x24.png) Opera Mini not supported
 - ![Android Browser](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/android-webview-beta/android-webview-beta_24x24.png) Android Browser >= 4.4
 
+## Backup/restore your instance
+
+To backup codimd, you should:
+
+- backup your database
+- backup your custom config file if you have one
+- backup the upload folder (see the [uploadsPath](./docs/configuration.md#codimd-paths-stuff) config directive) 
+
+Restoring an existing instance of codimd is then just a matter of restoring these elements.
+
 ## Related Tools
 
 Our community has created related tools, we'd like to highlight [codimd-cli](https://github.com/codimd/cli)
diff --git a/lib/csp.js b/lib/csp.js
index fe8bea01..24399436 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -32,6 +32,10 @@ var googleAnalyticsDirectives = {
   scriptSrc: ['https://www.google-analytics.com']
 }
 
+var dropboxDirectives = {
+  scriptSrc: ['https://www.dropbox.com', '\'unsafe-inline\'']
+}
+
 CspStrategy.computeDirectives = function () {
   var directives = {}
   mergeDirectives(directives, config.csp.directives)
@@ -39,6 +43,7 @@ CspStrategy.computeDirectives = function () {
   mergeDirectivesIf(config.useCDN, directives, cdnDirectives)
   mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives)
   mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives)
+  mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
   if (!areAllInlineScriptsAllowed(directives)) {
     addInlineScriptExceptions(directives)
   }
diff --git a/public/js/index.js b/public/js/index.js
index 36f396fa..9946e6fd 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -944,7 +944,8 @@ ui.toolbar.download.rawhtml.click(function (e) {
 // pdf
 ui.toolbar.download.pdf.attr('download', '').attr('href', noteurl + '/pdf')
 // export to dropbox
-ui.toolbar.export.dropbox.click(function () {
+ui.toolbar.export.dropbox.click(function (event) {
+  event.preventDefault()
   var filename = renderFilename(ui.area.markdown) + '.md'
   var options = {
     files: [
@@ -996,7 +997,8 @@ ui.toolbar.export.snippet.click(function () {
     })
 })
 // import from dropbox
-ui.toolbar.import.dropbox.click(function () {
+ui.toolbar.import.dropbox.click(function (event) {
+  event.preventDefault()
   var options = {
     success: function (files) {
       ui.spinner.show()
diff --git a/test/csp.js b/test/csp.js
index 8cf24b9a..d081cef0 100644
--- a/test/csp.js
+++ b/test/csp.js
@@ -27,7 +27,10 @@ describe('Content security policies', function () {
         upgradeInsecureRequests: 'auto',
         reportURI: undefined
       },
-      useCDN: true
+      useCDN: true,
+      dropbox: {
+        appKey: undefined
+      }
     }
   })
 
@@ -78,6 +81,16 @@ describe('Content security policies', function () {
     assert(!csp.computeDirectives().fontSrc.includes('https://*.disquscdn.com'))
   })
 
+  it('Include dropbox if configured', function () {
+    let testconfig = defaultConfig
+    testconfig.dropbox.appKey = 'hedgedoc'
+    mock('../lib/config', testconfig)
+    csp = mock.reRequire('../lib/csp')
+
+    assert(csp.computeDirectives().scriptSrc.includes('https://www.dropbox.com'))
+    assert(csp.computeDirectives().scriptSrc.includes('\'unsafe-inline\''))
+  })
+
   it('Set ReportURI', function () {
     let testconfig = defaultConfig
     testconfig.csp.reportURI = 'https://example.com/reportURI'