From e6c51e3dffd795e879a303d22237435dd60fae5b Mon Sep 17 00:00:00 2001 From: ansuz Date: Thu, 24 Mar 2022 12:43:16 +0530 Subject: [PATCH] remove hardcoded translations and invert remote embedding logic --- customize.dist/four-oh-four.js | 2 -- lib/commands/admin-rpc.js | 2 +- lib/decrees.js | 2 +- lib/defaults.js | 4 +-- lib/env.js | 2 +- server.js | 6 ++-- www/admin/inner.js | 57 ++++++++++++++++--------------- www/checkup/main.js | 18 +++++----- www/common/inner/share.js | 4 +-- www/common/sframe-common-outer.js | 8 ++--- 10 files changed, 51 insertions(+), 54 deletions(-) diff --git a/customize.dist/four-oh-four.js b/customize.dist/four-oh-four.js index b344a4af8..91f8450ef 100644 --- a/customize.dist/four-oh-four.js +++ b/customize.dist/four-oh-four.js @@ -12,8 +12,6 @@ define([ src: '/customize/CryptPad_logo_grey.svg?' + urlArgs }); - Messages.fivehundred_internalServerError = 'Internal Server Error'; // XXX - var is500 = Boolean(document.querySelector('#five-hundred')); var brand = h('h1#cp-brand', 'CryptPad'); var message = h('h2#cp-scramble', Messages[is500? 'fivehundred_internalServerError':'four04_pageNotFound']); diff --git a/lib/commands/admin-rpc.js b/lib/commands/admin-rpc.js index f38c09d88..57b91c8d6 100644 --- a/lib/commands/admin-rpc.js +++ b/lib/commands/admin-rpc.js @@ -324,7 +324,7 @@ var setLastEviction = function (Env, Server, cb, data, unsafeKey) { var instanceStatus = function (Env, Server, cb) { cb(void 0, { restrictRegistration: Env.restrictRegistration, - disableEmbedding: Env.disableEmbedding, + enableEmbedding: Env.enableEmbedding, launchTime: Env.launchTime, currentTime: +new Date(), diff --git a/lib/decrees.js b/lib/decrees.js index b777a16d4..61f5130df 100644 --- a/lib/decrees.js +++ b/lib/decrees.js 
@@ -95,7 +95,7 @@ var makeBooleanSetter = function (attr) { }; // CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['DISABLE_EMBEDDING', [true]]], console.log) -commands.DISABLE_EMBEDDING = makeBooleanSetter('disableEmbedding'); +commands.ENABLE_EMBEDDING = makeBooleanSetter('enableEmbedding'); // CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['RESTRICT_REGISTRATION', [true]]], console.log) commands.RESTRICT_REGISTRATION = makeBooleanSetter('restrictRegistration'); diff --git a/lib/defaults.js b/lib/defaults.js index 663d4bd02..f9e351c47 100644 --- a/lib/defaults.js +++ b/lib/defaults.js @@ -32,7 +32,7 @@ Default.commonCSP = function (Env) { "media-src blob:", // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox - Env.disableEmbedding? `frame-ancestors ${domain}${sandbox}`: "frame-ancestors *", + Env.enableEmbedding? "frame-ancestors *": `frame-ancestors ${domain}${sandbox}`, "worker-src 'self'", "" ]; @@ -50,7 +50,7 @@ Default.httpHeaders = function (Env) { return { "X-XSS-Protection": "1; mode=block", "X-Content-Type-Options": "nosniff", - "Access-Control-Allow-Origin": Env.disableEmbedding? Env.permittedEmbedders: "*", + "Access-Control-Allow-Origin": Env.enableEmbedding? '*': Env.permittedEmbedders, "Permissions-policy":"interest-cohort=()" }; }; diff --git a/lib/env.js b/lib/env.js index 1923dcc9e..c9975ce93 100644 --- a/lib/env.js +++ b/lib/env.js @@ -175,7 +175,7 @@ module.exports.create = function (config) { }, // as of 4.14.0 you need to opt-in to remote embedding. - disableEmbedding: true, + enableEmbedding: false, /* FIXME restrictRegistration is initialized as false and then overridden by admin decree There is a narrow window in which someone could register before the server updates this value. diff --git a/server.js b/server.js index e347cf16c..7c9667d3c 100644 --- a/server.js +++ b/server.js 
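Review bot: The usage comment directly above the setter still documents `['DISABLE_EMBEDDING', [true]]` although the command it describes is now `ENABLE_EMBEDDING`; it should read `// CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['ENABLE_EMBEDDING', [true]]], console.log)`. Removing `commands.DISABLE_EMBEDDING` also means any `DISABLE_EMBEDDING` entries already persisted in an instance's decree log will no longer resolve to a command when the log is replayed; how unrecognised commands are handled is outside this hunk, but the visible outcome is that an admin who had set `DISABLE_EMBEDDING` to `false` silently falls back to the new `enableEmbedding: false` default from lib/env.js. That direction is fail-closed, which is the right default for a header that relaxes `frame-ancestors` to `*`, but it undoes an explicit admin choice without notice, so either a legacy alias that stores the inverted value under `enableEmbedding` or an upgrade note telling admins to re-enable embedding seems warranted. makeBooleanSetter's body begins before this hunk, so the exact shape of such an alias cannot be confirmed here.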
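Review bot: The `enableEmbedding` branch of commonCSP emits `frame-ancestors *`, which lets any origin frame the editor, so once an admin opts in the only remaining clickjacking guard is the client-side check in www/common/sframe-common-outer.js; that trade-off deserves a comment on the line, e.g. `// enableEmbedding: any origin may frame us; the only remaining guard is the in-iframe check in sframe-common-outer.js`. Both inverted ternaries are consistent and fail closed — an `undefined` `Env.enableEmbedding` yields the restrictive `frame-ancestors ${domain}${sandbox}` and the `permittedEmbedders` CORS value — which is the correct direction. `Access-Control-Allow-Origin` accepts a single origin or `*`, so the httpHeaders branch presumes `Env.permittedEmbedders` is one origin string; its definition is not in this diff and is worth confirming, as a list value would be rejected by browsers and silently break local media loading.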
@@ -120,7 +120,7 @@ app.use('/blob', function (req, res, next) { if (req.method === 'HEAD') { Express.static(Path.join(__dirname, Env.paths.blob), { setHeaders: function (res, path, stat) { - res.set('Access-Control-Allow-Origin', Env.disableEmbedding? Env.permittedEmbedders: '*'); + res.set('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders); res.set('Access-Control-Allow-Headers', 'Content-Length'); res.set('Access-Control-Expose-Headers', 'Content-Length'); } @@ -132,7 +132,7 @@ app.use('/blob', function (req, res, next) { app.use(function (req, res, next) { if (req.method === 'OPTIONS' && /\/blob\//.test(req.url)) { - res.setHeader('Access-Control-Allow-Origin', Env.disableEmbedding? Env.permittedEmbedders: '*'); + res.setHeader('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders); res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS'); res.setHeader('Access-Control-Allow-Headers', 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Access-Control-Allow-Origin'); res.setHeader('Access-Control-Max-Age', 1728000); @@ -234,7 +234,7 @@ var serveConfig = makeRouteCache(function (host) { premiumUploadSize: Env.premiumUploadSize, restrictRegistration: Env.restrictRegistration, httpSafeOrigin: Env.httpSafeOrigin, - disableEmbedding: Env.disableEmbedding, + enableEmbedding: Env.enableEmbedding, fileHost: Env.fileHost, shouldUpdateNode: Env.shouldUpdateNode || undefined, }, null, '\t'), diff --git a/www/admin/inner.js b/www/admin/inner.js index 7ed7651c3..934589ea7 100644 --- a/www/admin/inner.js +++ b/www/admin/inner.js @@ -54,7 +54,7 @@ define([ 'cp-admin-flush-cache', 'cp-admin-update-limit', 'cp-admin-registration', - 'cp-admin-disableembeds', + 'cp-admin-enableembeds', 'cp-admin-email', 'cp-admin-instance-info-notice', 
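Review bot: The expression `Env.enableEmbedding? '*': Env.permittedEmbedders` now appears verbatim in the `/blob` HEAD handler, in the `/blob` OPTIONS handler, and a third time in lib/defaults.js, and it must agree with the `frame-ancestors` choice in commonCSP for the checkup page to pass; one helper such as `Env.embeddingAllowedOrigin = function () { return Env.enableEmbedding ? '*' : Env.permittedEmbedders; };` called from all three places would keep CORS and CSP from drifting the next time this flag is touched. The serveConfig change that exposes `enableEmbedding` to clients is consistent with that and fine. The OPTIONS middleware and serveConfig both continue past the end of their hunks.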
@@ -299,6 +299,12 @@ define([ var state = data.getState(); var key = data.key; var $div = makeBlock(key); + var $hint; + if (data.hintElement) { + $hint = $div.find('.cp-sidebarlayout-description'); + $hint.html(''); + $hint.append(data.hintElement); + } var labelKey = 'admin_' + keyToCamlCase(key) + 'Label'; var titleKey = 'admin_' + keyToCamlCase(key) + 'Title'; @@ -321,13 +327,20 @@ define([ }; }; - Messages.admin_cacheEvictionRequired = "Your server's internal state has been updated, but you may need to use the 'flush cache' button for clients to experience the intended effect."; // XXX - Messages.admin_reviewCheckupNotice = "It is also recommended that you review this instance's checkup page to confirm that it is configured correctly."; // XXX var flushCacheNotice = function () { - UI.alert(h('span', [ - h('p', Messages.admin_cacheEvictionRequired), - h('p', Messages.admin_reviewCheckupNotice), - ])); + var notice = UIElements.setHTML(h('p'), Messages.admin_reviewCheckupNotice); + $(notice).find('a').attr({ + href: new URL('/checkup/', ApiConfig.httpUnsafeOrigin).href, + }).click(function (ev) { + ev.preventDefault(); + ev.stopPropagation(); + common.openURL('/checkup/'); + }); + var content = h('span', [ + UIElements.setHTML(h('p'), Messages.admin_cacheEvictionRequired), + notice, + ]); + UI.alert(content); }; // Msg.admin_registrationHint, .admin_registrationTitle 
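Review bot: flushCacheNotice now pushes `Messages.admin_cacheEvictionRequired` and `Messages.admin_reviewCheckupNotice` through `UIElements.setHTML`, so those translation strings are interpreted as markup rather than text; whether setHTML sanitises is not visible here, and if it does not, anyone able to land a string in the translation bundle gains HTML injection into the admin panel. The only markup the notice needs is the checkup link, so an alternative that keeps the strings as text is to build the anchor with `h('a', ...)` and place it next to the text, or at minimum add `// translation strings rendered as HTML: keep setHTML sanitising or revert to text`. Also note that `$(notice).find('a')` rewrites the `href` and click handler of every anchor in the translated string, so a translation containing a second link would have it silently redirected to `/checkup/`; selecting a marked anchor (e.g. `find('a.cp-checkup-link')` or the first anchor only) would be safer. makeAdminCheckbox in the first hunk of this span starts before and ends after the hunk.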
@@ -353,25 +366,23 @@ define([ }, }); - Messages.admin_disableembedsTitle = "Disable remote embedding"; // XXX - Messages.admin_disableembedsHint = "Remove options to embed pads and media-tags hosted on third party websites from sharing menus."; // XXX - // Msg.admin_disableembedsHint, .admin_disableembedsTitle - create['disableembeds'] = makeAdminCheckbox({ - key: 'disableembeds', + // Msg.admin_enableembedsHint, .admin_enableembedsTitle + create['enableembeds'] = makeAdminCheckbox({ + key: 'enableembeds', getState: function () { - return APP.instanceStatus.disableEmbedding; + return APP.instanceStatus.enableEmbedding; }, query: function (val, setState) { sFrameChan.query('Q_ADMIN_RPC', { cmd: 'ADMIN_DECREE', - data: ['DISABLE_EMBEDDING', [val]] + data: ['ENABLE_EMBEDDING', [val]] }, function (e, response) { if (e || response.error) { UI.warn(Messages.error); console.error(e, response); } APP.updateStatus(function () { - setState(APP.instanceStatus.disableEmbedding); + setState(APP.instanceStatus.enableEmbedding); flushCacheNotice(); }); }); @@ -426,7 +437,7 @@ define([ var input = h('input.cp-listing-info', { type: 'text', value: APP.instanceStatus.instanceJurisdiction || '', - placeholder: Messages.admin_jurisdictionPlaceholder || Messages.owner_unknownUser, // XXX + placeholder: Messages.owner_unknownUser || '', }); var $input = $(input); var innerDiv = h('div.cp-admin-setjurisdiction-form', input); @@ -457,9 +468,6 @@ define([ return $div; }; - Messages.admin_infoNotice1 = "The following fields describe your instance. Data entered will only be included in your server's telemetry if you opt in to inclusion in the list of public CryptPad instances."; // XXX - Messages.admin_infoNotice2 = "See the 'Network' tab for more details."; // XXX - create['instance-info-notice'] = function () { return $(h('div.cp-admin-instance-info-notice.cp-sidebarlayout-element', h('div.alert.alert-info.cp-admin-bigger-alert', [ 
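Review bot: The `// Msg.admin_enableembedsHint, .admin_enableembedsTitle` marker refers to keys that no file in this patch defines — the diffstat lists no translation files — so unless they already exist in the bundle the checkbox label and hint render as `undefined`; the same applies to `error_embeddingDisabled`, `error_embeddingDisabledSpecific`, `error_incorrectAccess` and `ui_ms` referenced elsewhere in the patch. Presumably they arrive in a companion translation commit, but that should be confirmed before this is merged. The error path also still falls through: after `UI.warn(Messages.error)` the callback continues into `APP.updateStatus` and `flushCacheNotice()`, so a failed `ENABLE_EMBEDDING` decree still tells the admin to flush the cache; a `return;` after the warn keeps the notice for the success case only.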
@@ -1932,10 +1940,8 @@ define([ return $div; }; - Messages.admin_enableDiskMeasurementsTitle = "Measure disk performance"; // XXX - Messages.admin_enableDiskMeasurementsHint = "If enabled, a JSON endpoint will be exposed under /api/profiling which keeps a running measurement of disk I/O within a configurable window (set below). This setting can impact server performance and may reveal data you'd rather keep hidden. It is recommended that you leave it disabled unless you know what you are doing."; // XXX - create['enable-disk-measurements'] = makeAdminCheckbox({ // Msg.admin_enableDiskMeasurementsTitle.admin_enableDiskMeasurementsHint + hintElement: UIElements.setHTML(h('span'), Messages.admin_enableDiskMeasurementsHint), key: 'enable-disk-measurements', getState: function () { return APP.instanceStatus.enableProfiling; @@ -1956,11 +1962,6 @@ define([ }, }); - Messages.admin_bytesWrittenTitle = "Disk performance measurement window"; // XXX - Messages.admin_bytesWrittenHint = "If you have enabled disk performance measurements then the duration of the window can be configured below."; // XXX - Messages.admin_bytesWrittenDuration = "Duration of the window in milliseconds: {0}"; // XXX - Messages.admin_setDuration = "Set duration"; // XXX - var isPositiveInteger = function (n) { return n && typeof(n) === 'number' && n % 1 === 0 && n > 0; }; @@ -1974,7 +1975,7 @@ define([ var newDuration = h('input', {type: 'number', min: 0, value: duration}); var set = h('button.btn.btn-primary', Messages.admin_setDuration); $div.append(h('div', [ - h('span.cp-admin-bytes-written-duration', Messages._getKey('admin_bytesWrittenDuration', [duration])), + h('span.cp-admin-bytes-written-duration', Messages.ui_ms), h('div.cp-admin-setlimit-form', [ newDuration, h('nav', [set]) diff --git a/www/checkup/main.js b/www/checkup/main.js index 1f3ea8e3f..4d4927387 100644 --- a/www/checkup/main.js +++ b/www/checkup/main.js 
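Review bot: The new `hintElement` for the disk-measurement checkbox is built with `UIElements.setHTML(h('span'), Messages.admin_enableDiskMeasurementsHint)`, so this translation string is treated as markup and bypasses whatever text-only path makeAdminCheckbox uses for ordinary hints; if setHTML does not sanitise, this is a third place where the translation pipeline can inject HTML into the admin panel. If the hint needs no markup, passing the string as text (`h('span', Messages.admin_enableDiskMeasurementsHint)`) avoids the question entirely. The create['enable-disk-measurements'] definition continues past the end of this hunk.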
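Review bot: Replacing the interpolated `admin_bytesWrittenDuration` label with the bare `Messages.ui_ms` means the current window size is now conveyed only through the input's `value`, which is acceptable, but the `newDuration` input keeps `min: 0` while the validator just above (`isPositiveInteger`, `n > 0`) rejects zero; `min: 1` on that input would stop the browser from offering a value the submit path refuses. The enclosing block starts before this hunk and its submit handler ends after it.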
@@ -990,7 +990,7 @@ define([ 'img-src': ["'self'", 'data:', 'blob:', $outer], 'media-src': ['blob:'], - 'frame-ancestors': ApiConfig.disableEmbedding? [$outer, $sandbox]: ['*'], + 'frame-ancestors': ApiConfig.enableEmbedding? ['*']: [$outer, $sandbox], 'worker-src': ["'self'"], }); cb(result); @@ -1028,7 +1028,7 @@ define([ ], 'img-src': ["'self'", 'data:', 'blob:', $outer], 'media-src': ['blob:'], - 'frame-ancestors': ApiConfig.disableEmbedding? [$outer, $sandbox]: ['*'], + 'frame-ancestors': ApiConfig.enableEmbedding? ['*']: [$outer, $sandbox], 'worker-src': ["'self'"],//, $outer, $sandbox], }); @@ -1046,12 +1046,11 @@ define([ var checkAllowedOrigins = function (raw, url, msg, cb) { var header = 'Access-Control-Allow-Origin'; var expected; - if (ApiConfig.disableEmbedding) { + if (!ApiConfig.enableEmbedding) { expected = trimmedSafe; msg.appendChild(h('span', [ - 'This instance has been configured to disable support for embedding assets and documents in third-party websites. ', - 'In order for this setting to be effective while still permitting encrypted media to load locally ', - 'the ', + 'This instance has not been configured to enable support for embedding assets and documents in third-party websites. ', + 'In order for this setting to be effective while still permitting encrypted media to load locally the ', code(header), ' should only match trusted domains.', ' Under most circumstances it is sufficient to permit only the sandbox domain to load assets.', 
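Review bot: The reworded explanation in checkAllowedOrigins says the `Access-Control-Allow-Origin` header `should only match trusted domains`, but the header admits only one origin or `*` and the comparison in the following hunk tests the raw value against the single `trimmedSafe` origin, so `' should be exactly the sandbox origin.'` would describe what is actually verified. The two expected-CSP hunks above re-derive `frame-ancestors` independently of lib/defaults.js; that duplication is what makes the checkup useful, but a comment such as `// must mirror Default.commonCSP in lib/defaults.js` on each would help whoever edits one side next. checkAllowedOrigins continues past the end of this hunk.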
@@ -1061,19 +1060,18 @@ define([ expected = '*'; msg.appendChild(h('span', [ "This instance has been configured to permit embedding assets and documents in third-party websites.", - 'Assets must be served with an ', + 'In order for this setting to be effective, assets must be served with an ', code(header), ' header with a value of ', code("'*'"), - '.', - ' Remote embedding can be disabled via the admin panel.', + '. Remote embedding can be disabled via the admin panel.', ])); } if (raw === expected) { return void cb(true); } cb({ url: url, response: raw, - disableEmbedding: ApiConfig.disableEmbedding, + enableEmbedding: ApiConfig.enableEmbedding, }); }; diff --git a/www/common/inner/share.js b/www/common/inner/share.js index 7e2f0a6b0..d9cae4c3b 100644 --- a/www/common/inner/share.js +++ b/www/common/inner/share.js @@ -781,7 +781,7 @@ define([ icon: "fa fa-link", active: !contactsActive, }]; - if (!opts.static && !ApiConfig.disableEmbedding && embeddableApps.includes(pathname)) { + if (!opts.static && ApiConfig.enableEmbedding && embeddableApps.includes(pathname)) { tabs.push({ getTab: getEmbedTab, title: Messages.share_embedCategory, @@ -977,7 +977,7 @@ define([ active: !hasFriends, }]; - if (!ApiConfig.disableEmbedding) { + if (ApiConfig.enableEmbedding) { tabs.push({ getTab: getFileEmbedTab, title: Messages.share_embedCategory, diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js index ed6962328..92fc167f6 100644 --- a/www/common/sframe-common-outer.js +++ b/www/common/sframe-common-outer.js 
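Review bot: Gating the embed tab on `ApiConfig.enableEmbedding` in share.js is UI-only — it hides the snippet generator but does nothing to stop a third-party page from framing a pad or fetching a media-tag; that is enforced solely by the `frame-ancestors` and `Access-Control-Allow-Origin` values the server emits. A short comment on each condition would keep a future reader from treating this as the control: `// UI only: the server's CSP/CORS headers are what actually block remote embedding`. The functions around both share.js hunks start before and end after their hunks.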
@@ -21,18 +21,18 @@ define([ common.initIframe = function (waitFor, isRt, pathname) { if (window.top !== window) { - if (ApiConfig.disableEmbedding) { - return void window.alert(`This CryptPad instance's administrators have disabled remote embedding of its editors.`); + if (!ApiConfig.enableEmbedding) { + return void window.alert(Messages.error_embeddingDisabled); } // even where embedding is not forbidden it should still be limited // to apps that are explicitly permitted if (!embeddableApps.includes(window.location.pathname)) { - return void window.alert(`Embedding this CryptPad editor in remote pages is not supported.`); + return void window.alert(Messages.error_embeddingDisabledSpecific); } } if (window.location.origin !== ApiConfig.httpUnsafeOrigin) { - return void window.alert(`This page is configured to only be accessed via ${ApiConfig.httpUnsafeOrigin}.`); + return void window.alert(Messages._getKey('error_incorrectAccess', [ApiConfig.httpUnsafeOrigin])); } var requireConfig = RequireConfig();
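Review bot: The three `window.alert` branches in initIframe are client-side courtesies rather than controls: when `enableEmbedding` is false the server's `frame-ancestors` directive should already have prevented the document from loading in a foreign frame in any CSP-capable browser, so the first branch runs only if that header was stripped or an old browser ignored it, and the `embeddableApps` check can likewise be bypassed by whoever controls the framing page. That is fine as defence in depth, but the retained comment `// even where embedding is not forbidden it should still be limited` would be clearer as `// defence in depth only: the server-side CSP is the real control; this stops well-behaved embedders loading unsupported apps`. `Messages.error_embeddingDisabled`, `error_embeddingDisabledSpecific` and `error_incorrectAccess` are not defined in any file of this patch, so if they are not already in the translation bundle the alerts will read `undefined`. initIframe continues past the end of this hunk.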