From 85d0550a2094ec007e20a6cefef95ea615d7b520 Mon Sep 17 00:00:00 2001 From: Aman Harwara Date: Sat, 20 Apr 2024 16:13:59 +0530 Subject: [PATCH] chore: fix evernote attachment imports causing CSP issues [skip e2e] --- .../EvernoteConverter/EvernoteConverter.ts | 4 ++-- packages/ui-services/src/Import/Utils.ts | 17 +++++++++++++++++ packages/web/web.webpack.dev.js | 2 +- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/packages/ui-services/src/Import/EvernoteConverter/EvernoteConverter.ts b/packages/ui-services/src/Import/EvernoteConverter/EvernoteConverter.ts index 6588b10a8..f19fc7b14 100644 --- a/packages/ui-services/src/Import/EvernoteConverter/EvernoteConverter.ts +++ b/packages/ui-services/src/Import/EvernoteConverter/EvernoteConverter.ts @@ -7,6 +7,7 @@ import MD5 from 'crypto-js/md5' import Base64 from 'crypto-js/enc-base64' import { Converter, UploadFileFn } from '../Converter' import { ConversionResult } from '../ConversionResult' +import { getBlobFromBase64 } from '../Utils' dayjs.extend(customParseFormat) dayjs.extend(utc) @@ -330,8 +331,7 @@ export class EvernoteConverter implements Converter { } async getFileFromResource(resource: EvernoteResource): Promise { - const response = await fetch(resource.data) - const blob = await response.blob() + const blob = getBlobFromBase64(resource.data, resource.mimeType) return new File([blob], resource.fileName, { type: resource.mimeType }) } diff --git a/packages/ui-services/src/Import/Utils.ts b/packages/ui-services/src/Import/Utils.ts index a9b79dcc0..d4d2b31c7 100644 --- a/packages/ui-services/src/Import/Utils.ts +++ b/packages/ui-services/src/Import/Utils.ts @@ -11,3 +11,20 @@ export const readFileAsText = (file: File): Promise => { reader.readAsText(file) }) } + +export const getBlobFromBase64 = (b64Data: string, contentType = '') => { + const byteString = atob(b64Data.split(',')[1]) + + if (!contentType) { + contentType = b64Data.split(',')[0].split(':')[1].split(';')[0] + } + + const buffer = new ArrayBuffer(byteString.length) + const view = new Uint8Array(buffer) + for (let i = 0; i < byteString.length; i++) { + view[i] = byteString.charCodeAt(i) + } + + const blob = new Blob([buffer], { type: contentType }) + return blob +} diff --git a/packages/web/web.webpack.dev.js b/packages/web/web.webpack.dev.js index 058ba199b..6fb6074f0 100644 --- a/packages/web/web.webpack.dev.js +++ b/packages/web/web.webpack.dev.js @@ -20,7 +20,7 @@ module.exports = (env, argv) => { headers: { 'Access-Control-Allow-Origin': '*', 'Content-Security-Policy': - "default-src https: 'self'; base-uri 'self'; child-src * blob:; connect-src * data: blob:; font-src * data:; form-action 'self'; frame-ancestors * file:; frame-src * blob:; img-src 'self' * data: blob:; manifest-src 'self'; media-src 'self' blob: *.standardnotes.com; object-src 'self' blob: *.standardnotes.com; script-src 'self' 'sha256-r26E+iPOhx7KM7cKn4trOSoD8u5E7wL7wwJ8UrR+rGs=' 'unsafe-eval' 'wasm-unsafe-eval'; style-src *;", + "default-src https: 'self'; base-uri 'self'; child-src * blob:; connect-src * blob:; font-src * data:; form-action 'self'; frame-ancestors * file:; frame-src * blob:; img-src 'self' * data: blob:; manifest-src 'self'; media-src 'self' blob: *.standardnotes.com; object-src 'self' blob: *.standardnotes.com; script-src 'self' 'sha256-r26E+iPOhx7KM7cKn4trOSoD8u5E7wL7wwJ8UrR+rGs=' 'unsafe-eval' 'wasm-unsafe-eval'; style-src *;", }, hot: true, static: './dist',