rmorawski/standardnotes-app-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #418 from standardnotes/csp-action-bar

Browse Source 
fix: update CSP to allow action bar to download notes
This commit is contained in:
Mo Bitar
2020-06-25 07:39:38 -05:00
committed by GitHub
parent 54b6fea047 80b4b530ee
commit 793137479d
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/templates/directives/component-view.pug
View File

@@ -89,7 +89,7 @@ iframe(
ng-attr-id='component-iframe-{{ctrl.component.uuid}}', ng-attr-id='component-iframe-{{ctrl.component.uuid}}',
ng-if='ctrl.component && ctrl.componentValid', ng-if='ctrl.component && ctrl.componentValid',
ng-src='{{ctrl.getUrl() | trusted}}', ng-src='{{ctrl.getUrl() | trusted}}',
sandbox='allow-scripts allow-top-navigation-by-user-activation allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-modals allow-forms' sandbox='allow-scripts allow-top-navigation-by-user-activation allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-modals allow-forms allow-downloads'
) )
| Loading | Loading
.loading-overlay(ng-if='ctrl.loading') .loading-overlay(ng-if='ctrl.loading')

2
config/application.rb
View File

@@ -43,7 +43,7 @@ module StandardNotes
base_uri: %w('self'), base_uri: %w('self'),
block_all_mixed_content: false, # see http://www.w3.org/TR/mixed-content/ block_all_mixed_content: false, # see http://www.w3.org/TR/mixed-content/
child_src: ["*", "blob:"], child_src: ["*", "blob:"],
frame_src: ["*", "blob:"], frame_src: ["*", "blob:", "data:"],
connect_src: ["*"], connect_src: ["*"],
font_src: %w(* 'self'), font_src: %w(* 'self'),
form_action: %w('self'), form_action: %w('self'),