From e143873a200e6dd08a14b9aa809756ba8de5893e Mon Sep 17 00:00:00 2001 From: ansuz Date: Thu, 17 Jun 2021 09:09:04 +0530 Subject: [PATCH 1/3] display the currently set FLoC header in the checkup page's warning message. Addresses #757 --- www/checkup/main.js | 46 +++++++++++++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 14 deletions(-) diff --git a/www/checkup/main.js b/www/checkup/main.js index 34c45b514..925cd4b7b 100644 --- a/www/checkup/main.js +++ b/www/checkup/main.js @@ -391,21 +391,32 @@ define([ assert(function (cb, msg) { setWarningClass(msg); - msg.appendChild(h('span', [ - "You haven't opted out of participation in Google's ", - code('FLoC'), - " targeted advertizing network. This can be done by adding a ", - code('permissions-policy'), - " HTTP header with a value of ", - code('interest-cohort=()'), - " in your reverse proxy's configuration. See the provided NGINX configuration file for an example. ", - h('p', [ - link("https://www.eff.org/deeplinks/2021/04/am-i-floced-launch", 'Learn more'), - ]), - ])); + + var printMessage = function (value) { + msg.appendChild(h('span', [ + "This instance hasn't opted out of participation in Google's ", + code('FLoC'), + " targeted advertizing network. ", + + "This can be done by setting a ", + code('permissions-policy'), + " HTTP header with a value of ", + code('"interest-cohort=()"'), + " in the configuration of its reverse proxy instead of the current value (", + code(value), + "). See the provided NGINX configuration file for an example. ", + + h('p', [ + link("https://www.eff.org/deeplinks/2021/04/am-i-floced-launch", 'Learn more'), + ]), + ])); + }; + $.ajax('/?'+ (+new Date()), { complete: function (xhr) { - cb(xhr.getResponseHeader('permissions-policy') === 'interest-cohort=()'); + var header = xhr.getResponseHeader('permissions-policy'); + printMessage(JSON.stringify(header)); + cb(header === 'interest-cohort=()' || header); }, }); }); @@ -735,11 +746,18 @@ define([ }; var failureReport = function (obj) { + var printableValue = obj.output; + try { + printableValue = JSON.stringify(obj.output); + } catch (err) { + console.error(err); + } + return h('div.error', [ h('h5', obj.message), h('table', [ row(["Failed test number", obj.test + 1]), - row(["Returned value", obj.output]), + row(["Returned value", code(printableValue)]), ]), ]); }; From 92c814e49dc6993bad29383f92f9f3e5c5d84a61 Mon Sep 17 00:00:00 2001 From: ansuz Date: Thu, 17 Jun 2021 09:24:32 +0530 Subject: [PATCH 2/3] construct media-tags with hyperscript instead of HTML --- www/common/common-ui-elements.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/www/common/common-ui-elements.js b/www/common/common-ui-elements.js index 8d9f3fbd1..3e27b4ee7 100644 --- a/www/common/common-ui-elements.js +++ b/www/common/common-ui-elements.js @@ -1045,8 +1045,10 @@ define([ var privateDat = common.getMetadataMgr().getPrivateData(); var origin = privateDat.fileHost || privateDat.origin; var src = data.src = data.src.slice(0,1) === '/' ? origin + data.src : data.src; - cfg.embed($(''), data); + cfg.embed(h('media-tag', { + src: src, + 'data-crypto-key': 'cryptpad:' + data.key, + }), data); }); } From abc9466abe71a76d1d31ef6a3c2c9bba4d2233e4 Mon Sep 17 00:00:00 2001 From: ansuz Date: Thu, 17 Jun 2021 09:24:58 +0530 Subject: [PATCH 3/3] guard against invalid team info --- www/common/cryptpad-common.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index 6c1828897..9eb5398e7 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -92,7 +92,12 @@ define([ if (!obj || obj.error) { return; } Object.keys(obj || {}).forEach(function (id) { var t = obj[id]; - var _keys = t.keys.drive || {}; + var _keys = {}; + try { + _keys = t.keys.drive || {}; + } catch (err) { + console.error(err); + } _keys.id = id; if (!_keys.edPrivate) { return; } keys.push(t.keys.drive);