mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-12 22:26:08 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix GitLab snippet export

Browse source 
The snippet export broke due to two reasons.
First of all, the request to GitLab fail in the
default configuration due to the CSP not being
set properly. This commit adds the configured
GitLab base url to the connect-src directives.
The second problem is a change in the GitLab API
spec. Instead of `code` and `file_name` the
GitLab API now requires an `files` array with
`content` and `file_path` entries per snippet.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2022-04-03 22:47:42 +02:00 committed by David Mehren
parent 0195f16d9a
commit 0093aa4783
5 changed files with 40 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

5
lib/csp.js
View file

@ -50,6 +50,10 @@ const allowPDFEmbedDirectives = {
frameSrc: ['*'] // Chrome also checks PDFs against frame-src
}
const configuredGitLabInstanceDirectives = {
connectSrc: [config.gitlab.baseURL]
}
CspStrategy.computeDirectives = function () {
const directives = {}
mergeDirectives(directives, config.csp.directives)
@ -59,6 +63,7 @@ CspStrategy.computeDirectives = function () {
mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
mergeDirectivesIf(!config.csp.allowFraming, directives, disallowFramingDirectives)
mergeDirectivesIf(config.csp.allowPDFEmbed, directives, allowPDFEmbedDirectives)
mergeDirectivesIf(config.isGitlabSnippetsEnable, directives, configuredGitLabInstanceDirectives)
addInlineScriptExceptions(directives)
addUpgradeUnsafeRequestsOptionTo(directives)
addReportURI(directives)