Add dropbox CSP directive if configured and make button clickable

The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable. Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-05-13 06:34:39 -04:00 · 2020-08-23 01:11:31 +02:00 · 2020-08-23 01:11:31 +02:00 · d9adf598d8
commit d9adf598d8
parent 23d54b8b4b
2 changed files with 7 additions and 1 deletions
--- a/lib/csp.js
+++ b/lib/csp.js
@ -32,6 +32,10 @@ var googleAnalyticsDirectives = {
  scriptSrc: ['https://www.google-analytics.com']
 }
 var dropboxDirectives = {
  scriptSrc: ['https://www.dropbox.com']
 }
 CspStrategy.computeDirectives = function () {
  var directives = {}
  mergeDirectives(directives, config.csp.directives)
@ -39,6 +43,7 @@ CspStrategy.computeDirectives = function () {
  mergeDirectivesIf(config.useCDN, directives, cdnDirectives)
  mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives)
  mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives)
  mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
  if (!areAllInlineScriptsAllowed(directives)) {
    addInlineScriptExceptions(directives)
  }
--- a/public/js/index.js
+++ b/public/js/index.js
@ -996,7 +996,8 @@ ui.toolbar.export.snippet.click(function () {
    })
 })
 // import from dropbox
-ui.toolbar.import.dropbox.click(function () {
+ui.toolbar.import.dropbox.click(function (event) {
  event.preventDefault()
  var options = {
    success: function (files) {
      ui.spinner.show()