Merge pull request #418 from standardnotes/csp-action-bar

fix: update CSP to allow action bar to download notes
2020-06-25 07:39:38 -05:00
parent 54b6fea047 80b4b530ee
commit 793137479d
2 changed files with 2 additions and 2 deletions
--- a/app/assets/templates/directives/component-view.pug
+++ b/app/assets/templates/directives/component-view.pug
@@ -89,7 +89,7 @@ iframe(
  ng-attr-id='component-iframe-{{ctrl.component.uuid}}', 
  ng-if='ctrl.component && ctrl.componentValid', 
  ng-src='{{ctrl.getUrl() | trusted}}', 
-  sandbox='allow-scripts allow-top-navigation-by-user-activation allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-modals allow-forms'
+  sandbox='allow-scripts allow-top-navigation-by-user-activation allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-modals allow-forms allow-downloads'
  )
  | Loading
 .loading-overlay(ng-if='ctrl.loading')
--- a/config/application.rb
+++ b/config/application.rb
@@ -43,7 +43,7 @@ module StandardNotes
         base_uri: %w('self'),
         block_all_mixed_content: false, # see http://www.w3.org/TR/mixed-content/
         child_src: ["*", "blob:"],
-         frame_src: ["*", "blob:"],
+         frame_src: ["*", "blob:", "data:"],
         connect_src: ["*"],
         font_src: %w(* 'self'),
         form_action: %w('self'),