From b050f0409091624a1732f0717b9e075ece3a0be6 Mon Sep 17 00:00:00 2001
From: yflory
Date: Tue, 19 Oct 2021 17:09:42 +0200
Subject: [PATCH 1/7] Fix CSP errors in oodoc and ooslide
---
 docs/example.nginx.conf | 4 ++--
 www/common/onlyoffice/v4/sdkjs/slide/sdk-all-min.js | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
index 817b20527..a84849790 100644
--- a/docs/example.nginx.conf
+++ b/docs/example.nginx.conf
@@ -64,7 +64,7 @@ server {
 add_header Permissions-Policy interest-cohort=();
 set $coop '';
- if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; }
+ #if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; }
 # Enable SharedArrayBuffer in Firefox (for .xlsx export)
 add_header Cross-Origin-Resource-Policy cross-origin;
@@ -120,7 +120,7 @@ server {
 # the following assets are loaded via the sandbox domain
 # they unfortunately still require exceptions to the sandboxing to work correctly.
 if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
- if ($uri ~ ^\/common\/onlyoffice\/.*\/index\.html.*$) { set $unsafe 1; }
+ if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
 # everything except the sandbox domain is a privileged scope, as they might be used to handle keys
 if ($host != $sandbox_domain) { set $unsafe 0; }
diff --git a/www/common/onlyoffice/v4/sdkjs/slide/sdk-all-min.js b/www/common/onlyoffice/v4/sdkjs/slide/sdk-all-min.js
index d3536366d..430a6cec0 100644
--- a/www/common/onlyoffice/v4/sdkjs/slide/sdk-all-min.js
+++ b/www/common/onlyoffice/v4/sdkjs/slide/sdk-all-min.js
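Review bot: Commenting out the `if` that assigned `$coop` leaves the variable empty for every request within this hunk, so the sheet, presentation, doc and convert paths lose `Cross-Origin-Opener-Policy: same-origin`, and the dead line carries no reason. Browsers only expose SharedArrayBuffer to cross-origin-isolated pages, which needs COOP `same-origin` together with COEP, and the server.js comment above the same removal in patch 3/7 ties these headers to XLSX export in Firefox; that export presumably stops working on instances that copy this config, though the directive that consumes `$coop` is outside the hunk. If only the pages that open the presenter window need the opener link, keep the header on the other paths. Either way, replace the commented-out line with an explanation such as `# COOP same-origin disabled: it breaks the OnlyOffice presenter pop-up (TODO confirm scope)`.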
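Review bot: The new pattern `^\/common\/onlyoffice\/.*\/.*\.html.*$` sets `$unsafe 1` for every `.html` file at any depth under /common/onlyoffice/ on the sandbox domain, where the old one covered only `index.html`. The only additional page visible in this patch is `index.reporter.html`, so an explicit list would keep the sandboxing exception from growing silently when the vendored tree gains files: `if ($uri ~ ^\/common\/onlyoffice\/.*\/index(\.reporter)?\.html.*$) { set $unsafe 1; }`, with the alternation extended for any other page that needs it (none is shown here). Patch 3/7 makes the matching change in server.js with `/^\/common\/onlyoffice\/.*\.html.*/`, which is looser still because it drops the directory separator and has no end anchor; the two patterns should be kept in step.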
@@ -2004,8 +2004,8 @@ function(){this.WordControl.m_oLogicDocument.bringForward()};asc_docs_api.protot function(slideNum){this.sendEvent("asc_onDemonstrationSlideChanged",slideNum)};asc_docs_api.prototype.StartDemonstration=function(div_id,slidestart_num,reporterStartObject){if(window.g_asc_plugins)window.g_asc_plugins.stopWorked();var is_reporter=reporterStartObject&&!this.isReporterMode;if(is_reporter)this.DemonstrationReporterStart(reporterStartObject);if(is_reporter&&(this.reporterWindow||window["AscDesktopEditor"]))this.WordControl.DemonstrationManager.StartWaitReporter(div_id,slidestart_num, true);else this.WordControl.DemonstrationManager.Start(div_id,slidestart_num,true);if(undefined!==this.EndShowMessage){this.WordControl.DemonstrationManager.EndShowMessage=this.EndShowMessage;this.EndShowMessage=undefined}};asc_docs_api.prototype.EndDemonstration=function(isNoUseFullScreen){if(this.windowReporter)this.windowReporter.close();this.WordControl.DemonstrationManager.End(isNoUseFullScreen)};asc_docs_api.prototype.DemonstrationReporterStart=function(startObject){this.reporterStartObject= startObject;this.reporterStartObject["translate"]=AscCommon.translateManager.mapTranslate;if(window["AscDesktopEditor"]){window["AscDesktopEditor"]["startReporter"](window.location.href);this.reporterWindow={};return}var dualScreenLeft=window.screenLeft!=undefined?window.screenLeft:screen.left;var dualScreenTop=window.screenTop!=undefined?window.screenTop:screen.top;var width=window.innerWidth?window.innerWidth:document.documentElement.clientWidth?document.documentElement.clientWidth:screen.width; -var height=window.innerHeight?window.innerHeight:document.documentElement.clientHeight?document.documentElement.clientHeight:screen.height;var w=800;var h=600;var left=width/2-w/2+dualScreenLeft;var top=height/2-h/2+dualScreenTop;var _windowPos="width="+w+",height="+h+",left="+left+",top="+top;var 
_url="index.reporter.html";if(this.locale)_url+="?lang="+this.locale;this.reporterWindow=window.open(_url,"_blank","resizable=yes,status=0,toolbar=0,location=0,menubar=0,directories=0,scrollbars=0,"+_windowPos); -if(!this.reporterWindow)return;var w=this.reporterWindow;require(["/common/outer/worker-channel.js","/common/common-util.js"],function(Channel,Util){var msgEv=Util.mkEvent();window.addEventListener("message",function(msg){if(msg.source!==w)return;msgEv.fire(msg)});var postMsg=function(data){w.postMessage(data,"*")};Channel.create(msgEv,postMsg,function(chan){var send=function(obj){chan.event("CMD",obj)};chan.on("CMD",function(obj){if(obj.type!=="auth")return;send({type:"authChanges",changes:[]}); +var height=window.innerHeight?window.innerHeight:document.documentElement.clientHeight?document.documentElement.clientHeight:screen.height;var w=800;var h=600;var left=width/2-w/2+dualScreenLeft;var top=height/2-h/2+dualScreenTop;var _windowPos="width="+w+",height="+h+",left="+left+",top="+top;var urlArgs=window.parent&&window.parent.APP&&window.parent.APP.urlArgs||"";var _url="index.reporter.html?"+urlArgs;if(this.locale)_url+="&lang="+this.locale;this.reporterWindow=window.open(_url,"_blank","resizable=yes,status=0,toolbar=0,location=0,menubar=0,directories=0,scrollbars=0,"+ +_windowPos);if(!this.reporterWindow)return;var w=this.reporterWindow;require(["/common/outer/worker-channel.js","/common/common-util.js"],function(Channel,Util){var msgEv=Util.mkEvent();window.addEventListener("message",function(msg){if(msg.source!==w)return;msgEv.fire(msg)});var postMsg=function(data){w.postMessage(data,"*")};Channel.create(msgEv,postMsg,function(chan){var send=function(obj){chan.event("CMD",obj)};chan.on("CMD",function(obj){if(obj.type!=="auth")return;send({type:"authChanges",changes:[]}); 
send({type:"auth",result:1,sessionId:"06348ca8f861a0af3548ae38360aa617",participants:[],locks:[],changes:[],changesIndex:0,indexUser:0,buildVersion:"5.2.6",buildNumber:2,licenseType:3});send({type:"documentOpen",data:{"type":"open","status":"ok","data":{"Editor.bin":editor.reporterStartObject.url}}})})})});this.reporterWindowCounter=0;if(!AscCommon.AscBrowser.isSafariMacOs)this.reporterWindow.onbeforeunload=function(){window.editor.EndDemonstration()};this.reporterWindow.onunload=function(){window.editor.reporterWindowCounter++; if(1
Date: Wed, 20 Oct 2021 12:19:01 +0530
Subject: [PATCH 2/7] disable outdated tests
---
 www/checkup/main.js | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/www/checkup/main.js b/www/checkup/main.js
index d3841b8bd..fd0b41a27 100644
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@@ -685,6 +685,7 @@ define([
 });
 });
+/*
 assert(function (cb, msg) {
 var url = '/sheet/inner.html';
 msg.appendChild(h('span', [
@@ -703,6 +704,7 @@ define([
 cb(content === 'same-origin');
 });
 });
+*/
 var safariGripe = function () {
 return h('p.cp-notice-other', 'This is expected because Safari and platforms that use its engine lack commonly supported functionality.');
@@ -802,10 +804,10 @@ define([
 });
 [
- 'sheet',
- 'presentation',
- 'doc',
- 'convert',
+ //'sheet',
+ //'presentation',
+ //'doc',
+ //'convert',
 ].forEach(function (url) {
 assert(function (cb, msg) {
 var header = 'cross-origin-opener-policy';
@@ -830,7 +832,7 @@ define([
 });
 });
- assert(function (cb, msg) { // XXX
+ assert(function (cb, msg) {
 // check that the sandbox domain is included in connect-src
 msg.appendChild(h('span', [
 "This instance's ",
From 4e3c0f32cf609e49d821a1a18c737e5ce7604ee1 Mon Sep 17 00:00:00 2001
From: ansuz
Date: Wed, 20 Oct 2021 12:20:09 +0530
Subject: [PATCH 3/7] enable oo presenter mode and embedded chart editor on dev instances
---
 server.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
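Review bot: With the `/* … */` wrapped around the `/sheet/inner.html` assertion and the four paths commented out of the array in the third hunk, the checkup page no longer tests Cross-Origin-Opener-Policy at all, and the `[ ].forEach(...)` that follows now iterates an empty list. Instances set up from the earlier example config will presumably keep sending `same-origin` on these paths, which the rest of this series appears to treat as incompatible with presenter mode, and nothing here tells the admin. Consider replacing the disabled checks with one that fails while the header is still `same-origin`, or delete the dead code and leave a single line such as `// COOP checks removed: the header is no longer expected on office apps`. The body of the commented-out assertion lies between the first two hunks and is not shown.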
diff --git a/server.js b/server.js
index 49385d74d..ddd2fcb88 100644
--- a/server.js
+++ b/server.js
@@ -85,9 +85,10 @@ var setHeaders = (function () {
 if (Object.keys(headers).length) {
 return function (req, res) {
 // apply a bunch of cross-origin headers for XLSX export in FF and printing elsewhere
+ /*
 applyHeaderMap(res, {
 "Cross-Origin-Opener-Policy": /^\/(sheet|presentation|doc|convert)\//.test(req.url)? 'same-origin': '',
- });
+ });*/
 if (Env.NO_SANDBOX) { // handles correct configuration for local development
 // https://stackoverflow.com/questions/11531121/add-duplicate-http-response-headers-in-nodejs
@@ -108,7 +109,7 @@ var setHeaders = (function () {
 // targeted CSP, generic policies, maybe custom headers
 const h = [
- /^\/common\/onlyoffice\/.*\/index\.html.*/,
+ /^\/common\/onlyoffice\/.*\.html.*/,
 /^\/(sheet|presentation|doc)\/inner\.html.*/,
 /^\/unsafeiframe\/inner\.html.*$/,
 ].some((regex) => {
From d70b0ed037d2f6fe8b8b6ac1a13e89b43c0d0b75 Mon Sep 17 00:00:00 2001
From: ansuz
Date: Wed, 20 Oct 2021 12:21:21 +0530
Subject: [PATCH 4/7] lint compliance
---
 www/convert/main.js | 2 +-
 www/unsafeiframe/inner.js | 18 +++++++++---------
 www/unsafeiframe/main.js | 4 ++--
 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/www/convert/main.js b/www/convert/main.js
index 04ab76846..1d74f26b8 100644
--- a/www/convert/main.js
+++ b/www/convert/main.js
@@ -17,7 +17,7 @@ define([
 category = window.location.hash.slice(1);
 window.location.hash = '';
 }
- var addRpc = function (sframeChan) {
+ var addRpc = function (sframeChan, CryptPad, Utils) {
 // X2T
 sframeChan.on('Q_OO_CONVERT', function (obj, cb) {
 obj.modal = 'x2t';
diff --git a/www/unsafeiframe/inner.js b/www/unsafeiframe/inner.js
index 34a13cbe1..73374182b 100644
--- a/www/unsafeiframe/inner.js
+++ b/www/unsafeiframe/inner.js
@@ -6,10 +6,10 @@ define([
 '/common/common-interface.js',
 '/common/common-ui-elements.js',
 '/common/common-util.js',
- '/common/common-hash.js',
- '/common/hyperscript.js',
- 'json.sortify',
- '/customize/messages.js',
+ //'/common/common-hash.js',
+ //'/common/hyperscript.js',
+ //'json.sortify',
+ //'/customize/messages.js',
 ], function (
 $,
 Crypto,
@@ -17,19 +17,19 @@ define([
 SFCommon,
 UI,
 UIElements,
- Util,
+ Util /*,
 Hash,
 h,
 Sortify,
- Messages)
+ Messages */)
 {
 var APP = window.APP = {};
 var andThen = function (common) {
- var metadataMgr = common.getMetadataMgr();
+ //var metadataMgr = common.getMetadataMgr();
 var sframeChan = common.getSframeChannel();
- var $body = $('body');
- var displayed;
+ //var $body = $('body');
+ //var displayed;
 var create = {};
diff --git a/www/unsafeiframe/main.js b/www/unsafeiframe/main.js
index c36d4f641..fc2669d91 100644
--- a/www/unsafeiframe/main.js
+++ b/www/unsafeiframe/main.js
@@ -4,8 +4,8 @@ define([
 '/api/config',
 'jquery',
 '/common/requireconfig.js',
- '/customize/messages.js',
-], function (nThen, ApiConfig, $, RequireConfig, Messages) {
+ //'/customize/messages.js',
+], function (nThen, ApiConfig, $, RequireConfig /*, Messages */) {
 var requireConfig = RequireConfig();
 var ready = false;
From eb4563b914edb7a8a823cdf115c637a2d4b64bde Mon Sep 17 00:00:00 2001
From: ansuz
Date: Wed, 20 Oct 2021 12:21:53 +0530
Subject: [PATCH 5/7] larger OnlyOffice checkpoint intervals
---
 www/common/onlyoffice/inner.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/www/common/onlyoffice/inner.js b/www/common/onlyoffice/inner.js
index 07a45df92..e59bdea03 100644
--- a/www/common/onlyoffice/inner.js
+++ b/www/common/onlyoffice/inner.js
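Review bot: In www/unsafeiframe/inner.js the unused modules are silenced by commenting them out in both the dependency array and the callback signature (`Util /*, Hash, h, Sortify, Messages */)`), which leaves two positional lists that have to be realigned by hand if any entry is re-enabled. Deleting the four array entries and the four parameters, along with the unused `metadataMgr`, `$body` and `displayed` locals, would satisfy the linter without keeping dead code, since version control already preserves the old lines. The www/unsafeiframe/main.js hunk in this patch does the same with `'/customize/messages.js'` and `Messages`.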
@@ -58,8 +58,8 @@ define([
 urlArgs: Util.find(ApiConfig, ['requireConf', 'urlArgs'])
 };
- var CHECKPOINT_INTERVAL = 20; // XXX
- var FORCE_CHECKPOINT_INTERVAL = 50; // XXX
+ var CHECKPOINT_INTERVAL = 100; // XXX
+ var FORCE_CHECKPOINT_INTERVAL = 600; // XXX
 var DISPLAY_RESTORE_BUTTON = false;
 var NEW_VERSION = 4; // version of the .bin, patches and ChainPad formats
 var PENDING_TIMEOUT = 30000;
From bf148ca92c61d60c7765df320c17c51b63ac3b60 Mon Sep 17 00:00:00 2001
From: ansuz
Date: Wed, 20 Oct 2021 12:37:25 +0530
Subject: [PATCH 6/7] update jshintrc to es6 and stop polyfilling for apps
---
 .jshintrc | 1 +
 www/common/boot2.js | 5 -----
 www/common/sframe-boot2.js | 5 -----
 3 files changed, 1 insertion(+), 10 deletions(-)
diff --git a/.jshintrc b/.jshintrc
index c95e9dbc4..761c69159 100644
--- a/.jshintrc
+++ b/.jshintrc
@@ -12,6 +12,7 @@
 "unused": true,
 "futurehostile":true,
 "browser": true,
+ "esversion": 6,
 "predef": [
 "console",
 "define",
diff --git a/www/common/boot2.js b/www/common/boot2.js
index d143da87d..097d76489 100644
--- a/www/common/boot2.js
+++ b/www/common/boot2.js
@@ -54,11 +54,6 @@ define([
 };
 }
- // RPC breaks if you don't support Number.MAX_SAFE_INTEGER
- if (Number && !Number.MAX_SAFE_INTEGER) {
- Number.MAX_SAFE_INTEGER = 9007199254740991;
- }
-
 var failStore = function () {
 console.error(new Error('wut'));
 require(['jquery'], function ($) {
diff --git a/www/common/sframe-boot2.js b/www/common/sframe-boot2.js
index 66a93545f..647a520af 100644
--- a/www/common/sframe-boot2.js
+++ b/www/common/sframe-boot2.js
@@ -13,11 +13,6 @@ define([
 };
 }
- // RPC breaks if you don't support Number.MAX_SAFE_INTEGER
- if (Number && !Number.MAX_SAFE_INTEGER) {
- Number.MAX_SAFE_INTEGER = 9007199254740991;
- }
-
 var mkFakeStore = function () {
 var fakeStorage = {
 getItem: function (k) { return fakeStorage[k]; },
From f867784ee7e46e6bfec3b761ac274befb70097a9 Mon Sep 17 00:00:00 2001
From: ansuz
Date: Wed, 20 Oct 2021 14:25:26 +0530
Subject: [PATCH 7/7] dial up onlyoffice checkpoint intervals
---
 www/common/onlyoffice/inner.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/www/common/onlyoffice/inner.js b/www/common/onlyoffice/inner.js
index e59bdea03..dd085a9dc 100644
--- a/www/common/onlyoffice/inner.js
+++ b/www/common/onlyoffice/inner.js
@@ -58,8 +58,8 @@ define([
 urlArgs: Util.find(ApiConfig, ['requireConf', 'urlArgs'])
 };
- var CHECKPOINT_INTERVAL = 100; // XXX
- var FORCE_CHECKPOINT_INTERVAL = 600; // XXX
+ var CHECKPOINT_INTERVAL = 100;
+ var FORCE_CHECKPOINT_INTERVAL = 10000;
 var DISPLAY_RESTORE_BUTTON = false;
 var NEW_VERSION = 4; // version of the .bin, patches and ChainPad formats
 var PENDING_TIMEOUT = 30000;
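Review bot: `FORCE_CHECKPOINT_INTERVAL` went from 50 to 600 in patch 5/7 and to 10000 here, and the `// XXX` markers are dropped without anything recording what the two numbers count or why these values were settled on. A short comment on each constant would make a 200-fold change reviewable, for example `// <unit> between checkpoints; raised from 20 because <reason>` above `CHECKPOINT_INTERVAL` and a matching line for the forced variant. How the constants are read is outside the hunk, so the unit and the effect on history size between checkpoints need checking against that code.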