summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/csp.js5
-rw-r--r--public/js/index.js6
-rw-r--r--test/csp.js15
3 files changed, 23 insertions, 3 deletions
diff --git a/lib/csp.js b/lib/csp.js
index fe8bea01..24399436 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -32,6 +32,10 @@ var googleAnalyticsDirectives = {
scriptSrc: ['https://www.google-analytics.com']
}
+var dropboxDirectives = {
+ scriptSrc: ['https://www.dropbox.com', '\'unsafe-inline\'']
+}
+
CspStrategy.computeDirectives = function () {
var directives = {}
mergeDirectives(directives, config.csp.directives)
@@ -39,6 +43,7 @@ CspStrategy.computeDirectives = function () {
mergeDirectivesIf(config.useCDN, directives, cdnDirectives)
mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives)
mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives)
+ mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
if (!areAllInlineScriptsAllowed(directives)) {
addInlineScriptExceptions(directives)
}
diff --git a/public/js/index.js b/public/js/index.js
index ad20ffff..3eaba0ee 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -944,7 +944,8 @@ ui.toolbar.download.rawhtml.click(function (e) {
// pdf
ui.toolbar.download.pdf.attr('download', '').attr('href', noteurl + '/pdf')
// export to dropbox
-ui.toolbar.export.dropbox.click(function () {
+ui.toolbar.export.dropbox.click(function (event) {
+ event.preventDefault()
var filename = renderFilename(ui.area.markdown) + '.md'
var options = {
files: [
@@ -996,7 +997,8 @@ ui.toolbar.export.snippet.click(function () {
})
})
// import from dropbox
-ui.toolbar.import.dropbox.click(function () {
+ui.toolbar.import.dropbox.click(function (event) {
+ event.preventDefault()
var options = {
success: function (files) {
ui.spinner.show()
diff --git a/test/csp.js b/test/csp.js
index 8cf24b9a..d081cef0 100644
--- a/test/csp.js
+++ b/test/csp.js
@@ -27,7 +27,10 @@ describe('Content security policies', function () {
upgradeInsecureRequests: 'auto',
reportURI: undefined
},
- useCDN: true
+ useCDN: true,
+ dropbox: {
+ appKey: undefined
+ }
}
})
@@ -78,6 +81,16 @@ describe('Content security policies', function () {
assert(!csp.computeDirectives().fontSrc.includes('https://*.disquscdn.com'))
})
+ it('Include dropbox if configured', function () {
+ let testconfig = defaultConfig
+ testconfig.dropbox.appKey = 'hedgedoc'
+ mock('../lib/config', testconfig)
+ csp = mock.reRequire('../lib/csp')
+
+ assert(csp.computeDirectives().scriptSrc.includes('https://www.dropbox.com'))
+ assert(csp.computeDirectives().scriptSrc.includes('\'unsafe-inline\''))
+ })
+
it('Set ReportURI', function () {
let testconfig = defaultConfig
testconfig.csp.reportURI = 'https://example.com/reportURI'