From 964c6f135794ff6b65c0a9dea6ab7e788cece96b Mon Sep 17 00:00:00 2001 From: Ningsong Shen Date: Tue, 23 Jun 2020 15:17:33 -0400 Subject: [PATCH 1/2] fix: update CSP to allow action bar to download notes --- config/application.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/application.rb b/config/application.rb index 754c27ab6..ebbcc7664 100644 --- a/config/application.rb +++ b/config/application.rb @@ -43,7 +43,7 @@ module StandardNotes base_uri: %w('self'), block_all_mixed_content: false, # see http://www.w3.org/TR/mixed-content/ child_src: ["*", "blob:"], - frame_src: ["*", "blob:"], + frame_src: ["*", "blob:", "data:"], connect_src: ["*"], font_src: %w(* 'self'), form_action: %w('self'), From 80b4b530ee05f2b874ac22ffa7a3862ad818ce1e Mon Sep 17 00:00:00 2001 From: Ningsong Shen Date: Wed, 24 Jun 2020 15:09:35 -0400 Subject: [PATCH 2/2] fix: add flag to sandbox so that action bar can save notes in chrome --- app/assets/templates/directives/component-view.pug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/assets/templates/directives/component-view.pug b/app/assets/templates/directives/component-view.pug index 59a8a388d..610e2ab02 100644 --- a/app/assets/templates/directives/component-view.pug +++ b/app/assets/templates/directives/component-view.pug @@ -89,7 +89,7 @@ iframe( ng-attr-id='component-iframe-{{ctrl.component.uuid}}', ng-if='ctrl.component && ctrl.componentValid', ng-src='{{ctrl.getUrl() | trusted}}', - sandbox='allow-scripts allow-top-navigation-by-user-activation allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-modals allow-forms' + sandbox='allow-scripts allow-top-navigation-by-user-activation allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-modals allow-forms allow-downloads' ) | Loading .loading-overlay(ng-if='ctrl.loading')