remove hardcoded translations and invert remote embedding logic

pull/1/head
ansuz 3 years ago
parent dda5011f3c
commit e6c51e3dff

@ -12,8 +12,6 @@ define([
src: '/customize/CryptPad_logo_grey.svg?' + urlArgs src: '/customize/CryptPad_logo_grey.svg?' + urlArgs
}); });
Messages.fivehundred_internalServerError = 'Internal Server Error'; // XXX
var is500 = Boolean(document.querySelector('#five-hundred')); var is500 = Boolean(document.querySelector('#five-hundred'));
var brand = h('h1#cp-brand', 'CryptPad'); var brand = h('h1#cp-brand', 'CryptPad');
var message = h('h2#cp-scramble', Messages[is500? 'fivehundred_internalServerError':'four04_pageNotFound']); var message = h('h2#cp-scramble', Messages[is500? 'fivehundred_internalServerError':'four04_pageNotFound']);

@ -324,7 +324,7 @@ var setLastEviction = function (Env, Server, cb, data, unsafeKey) {
var instanceStatus = function (Env, Server, cb) { var instanceStatus = function (Env, Server, cb) {
cb(void 0, { cb(void 0, {
restrictRegistration: Env.restrictRegistration, restrictRegistration: Env.restrictRegistration,
disableEmbedding: Env.disableEmbedding, enableEmbedding: Env.enableEmbedding,
launchTime: Env.launchTime, launchTime: Env.launchTime,
currentTime: +new Date(), currentTime: +new Date(),

@ -95,7 +95,7 @@ var makeBooleanSetter = function (attr) {
}; };
// CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['DISABLE_EMBEDDING', [true]]], console.log) // CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['DISABLE_EMBEDDING', [true]]], console.log)
commands.DISABLE_EMBEDDING = makeBooleanSetter('disableEmbedding'); commands.ENABLE_EMBEDDING = makeBooleanSetter('enableEmbedding');
// CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['RESTRICT_REGISTRATION', [true]]], console.log) // CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['RESTRICT_REGISTRATION', [true]]], console.log)
commands.RESTRICT_REGISTRATION = makeBooleanSetter('restrictRegistration'); commands.RESTRICT_REGISTRATION = makeBooleanSetter('restrictRegistration');
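Review bot: Renaming the decree command to `ENABLE_EMBEDDING` means any `DISABLE_EMBEDDING` entries already persisted in an instance's decree log no longer match a registered command; this hunk does not show how replay treats an unknown command, but an instance that had previously opted in with `['DISABLE_EMBEDDING', [false]]` would presumably fall back to the new `enableEmbedding: false` default. That fails closed, which is the right direction, but administrators would see remote embedding switch off with no explanation. Consider keeping a compatibility handler that maps the legacy command onto the inverted value, or at least a comment next to the new line: `// legacy DISABLE_EMBEDDING decrees are intentionally ignored; embedding must be re-enabled from the admin panel`. `makeBooleanSetter` itself is defined above this hunk.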

@ -32,7 +32,7 @@ Default.commonCSP = function (Env) {
"media-src blob:", "media-src blob:",
// for accounts.cryptpad.fr authentication and cross-domain iframe sandbox // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
Env.disableEmbedding? `frame-ancestors ${domain}${sandbox}`: "frame-ancestors *", Env.enableEmbedding? "frame-ancestors *": `frame-ancestors ${domain}${sandbox}`,
"worker-src 'self'", "worker-src 'self'",
"" ""
]; ];
@ -50,7 +50,7 @@ Default.httpHeaders = function (Env) {
return { return {
"X-XSS-Protection": "1; mode=block", "X-XSS-Protection": "1; mode=block",
"X-Content-Type-Options": "nosniff", "X-Content-Type-Options": "nosniff",
"Access-Control-Allow-Origin": Env.disableEmbedding? Env.permittedEmbedders: "*", "Access-Control-Allow-Origin": Env.enableEmbedding? '*': Env.permittedEmbedders,
"Permissions-policy":"interest-cohort=()" "Permissions-policy":"interest-cohort=()"
}; };
}; };
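Review bot: The ternary `Env.enableEmbedding? '*': Env.permittedEmbedders` in `httpHeaders` is the same expression the blob handlers repeat at the `setHeaders` and `OPTIONS` sites later in this commit, so the CORS origin policy is derived independently in three places and can drift. A single helper, e.g. `Default.allowedOrigin = function (Env) { return Env.enableEmbedding? '*': Env.permittedEmbedders; };`, called from all three keeps them in lockstep. Since the flag is now opt-in, an unset or non-boolean `Env.enableEmbedding` takes the restrictive branch in both `commonCSP` and `httpHeaders`; that is deliberate and worth a comment above the `frame-ancestors` line: `// enableEmbedding is opt-in, so an unset value keeps the restrictive policy`. The body of `commonCSP` begins above this hunk.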

@ -175,7 +175,7 @@ module.exports.create = function (config) {
}, },
// as of 4.14.0 you need to opt-in to remote embedding. // as of 4.14.0 you need to opt-in to remote embedding.
disableEmbedding: true, enableEmbedding: false,
/* FIXME restrictRegistration is initialized as false and then overridden by admin decree /* FIXME restrictRegistration is initialized as false and then overridden by admin decree
There is a narrow window in which someone could register before the server updates this value. There is a narrow window in which someone could register before the server updates this value.

@ -120,7 +120,7 @@ app.use('/blob', function (req, res, next) {
if (req.method === 'HEAD') { if (req.method === 'HEAD') {
Express.static(Path.join(__dirname, Env.paths.blob), { Express.static(Path.join(__dirname, Env.paths.blob), {
setHeaders: function (res, path, stat) { setHeaders: function (res, path, stat) {
res.set('Access-Control-Allow-Origin', Env.disableEmbedding? Env.permittedEmbedders: '*'); res.set('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders);
res.set('Access-Control-Allow-Headers', 'Content-Length'); res.set('Access-Control-Allow-Headers', 'Content-Length');
res.set('Access-Control-Expose-Headers', 'Content-Length'); res.set('Access-Control-Expose-Headers', 'Content-Length');
} }
@ -132,7 +132,7 @@ app.use('/blob', function (req, res, next) {
app.use(function (req, res, next) { app.use(function (req, res, next) {
if (req.method === 'OPTIONS' && /\/blob\//.test(req.url)) { if (req.method === 'OPTIONS' && /\/blob\//.test(req.url)) {
res.setHeader('Access-Control-Allow-Origin', Env.disableEmbedding? Env.permittedEmbedders: '*'); res.setHeader('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders);
res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS'); res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS');
res.setHeader('Access-Control-Allow-Headers', 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Access-Control-Allow-Origin'); res.setHeader('Access-Control-Allow-Headers', 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Access-Control-Allow-Origin');
res.setHeader('Access-Control-Max-Age', 1728000); res.setHeader('Access-Control-Max-Age', 1728000);
@ -234,7 +234,7 @@ var serveConfig = makeRouteCache(function (host) {
premiumUploadSize: Env.premiumUploadSize, premiumUploadSize: Env.premiumUploadSize,
restrictRegistration: Env.restrictRegistration, restrictRegistration: Env.restrictRegistration,
httpSafeOrigin: Env.httpSafeOrigin, httpSafeOrigin: Env.httpSafeOrigin,
disableEmbedding: Env.disableEmbedding, enableEmbedding: Env.enableEmbedding,
fileHost: Env.fileHost, fileHost: Env.fileHost,
shouldUpdateNode: Env.shouldUpdateNode || undefined, shouldUpdateNode: Env.shouldUpdateNode || undefined,
}, null, '\t'), }, null, '\t'),

@ -54,7 +54,7 @@ define([
'cp-admin-flush-cache', 'cp-admin-flush-cache',
'cp-admin-update-limit', 'cp-admin-update-limit',
'cp-admin-registration', 'cp-admin-registration',
'cp-admin-disableembeds', 'cp-admin-enableembeds',
'cp-admin-email', 'cp-admin-email',
'cp-admin-instance-info-notice', 'cp-admin-instance-info-notice',
@ -299,6 +299,12 @@ define([
var state = data.getState(); var state = data.getState();
var key = data.key; var key = data.key;
var $div = makeBlock(key); var $div = makeBlock(key);
var $hint;
if (data.hintElement) {
$hint = $div.find('.cp-sidebarlayout-description');
$hint.html('');
$hint.append(data.hintElement);
}
var labelKey = 'admin_' + keyToCamlCase(key) + 'Label'; var labelKey = 'admin_' + keyToCamlCase(key) + 'Label';
var titleKey = 'admin_' + keyToCamlCase(key) + 'Title'; var titleKey = 'admin_' + keyToCamlCase(key) + 'Title';
@ -321,13 +327,20 @@ define([
}; };
}; };
Messages.admin_cacheEvictionRequired = "Your server's internal state has been updated, but you may need to use the 'flush cache' button for clients to experience the intended effect."; // XXX
Messages.admin_reviewCheckupNotice = "It is also recommended that you review this instance's checkup page to confirm that it is configured correctly."; // XXX
var flushCacheNotice = function () { var flushCacheNotice = function () {
UI.alert(h('span', [ var notice = UIElements.setHTML(h('p'), Messages.admin_reviewCheckupNotice);
h('p', Messages.admin_cacheEvictionRequired), $(notice).find('a').attr({
h('p', Messages.admin_reviewCheckupNotice), href: new URL('/checkup/', ApiConfig.httpUnsafeOrigin).href,
])); }).click(function (ev) {
ev.preventDefault();
ev.stopPropagation();
common.openURL('/checkup/');
});
var content = h('span', [
UIElements.setHTML(h('p'), Messages.admin_cacheEvictionRequired),
notice,
]);
UI.alert(content);
}; };
// Msg.admin_registrationHint, .admin_registrationTitle // Msg.admin_registrationHint, .admin_registrationTitle
@ -353,25 +366,23 @@ define([
}, },
}); });
Messages.admin_disableembedsTitle = "Disable remote embedding"; // XXX // Msg.admin_enableembedsHint, .admin_enableembedsTitle
Messages.admin_disableembedsHint = "Remove options to embed pads and media-tags hosted on third party websites from sharing menus."; // XXX create['enableembeds'] = makeAdminCheckbox({
// Msg.admin_disableembedsHint, .admin_disableembedsTitle key: 'enableembeds',
create['disableembeds'] = makeAdminCheckbox({
key: 'disableembeds',
getState: function () { getState: function () {
return APP.instanceStatus.disableEmbedding; return APP.instanceStatus.enableEmbedding;
}, },
query: function (val, setState) { query: function (val, setState) {
sFrameChan.query('Q_ADMIN_RPC', { sFrameChan.query('Q_ADMIN_RPC', {
cmd: 'ADMIN_DECREE', cmd: 'ADMIN_DECREE',
data: ['DISABLE_EMBEDDING', [val]] data: ['ENABLE_EMBEDDING', [val]]
}, function (e, response) { }, function (e, response) {
if (e || response.error) { if (e || response.error) {
UI.warn(Messages.error); UI.warn(Messages.error);
console.error(e, response); console.error(e, response);
} }
APP.updateStatus(function () { APP.updateStatus(function () {
setState(APP.instanceStatus.disableEmbedding); setState(APP.instanceStatus.enableEmbedding);
flushCacheNotice(); flushCacheNotice();
}); });
}); });
@ -426,7 +437,7 @@ define([
var input = h('input.cp-listing-info', { var input = h('input.cp-listing-info', {
type: 'text', type: 'text',
value: APP.instanceStatus.instanceJurisdiction || '', value: APP.instanceStatus.instanceJurisdiction || '',
placeholder: Messages.admin_jurisdictionPlaceholder || Messages.owner_unknownUser, // XXX placeholder: Messages.owner_unknownUser || '',
}); });
var $input = $(input); var $input = $(input);
var innerDiv = h('div.cp-admin-setjurisdiction-form', input); var innerDiv = h('div.cp-admin-setjurisdiction-form', input);
@ -457,9 +468,6 @@ define([
return $div; return $div;
}; };
Messages.admin_infoNotice1 = "The following fields describe your instance. Data entered will only be included in your server's telemetry if you opt in to inclusion in the list of public CryptPad instances."; // XXX
Messages.admin_infoNotice2 = "See the 'Network' tab for more details."; // XXX
create['instance-info-notice'] = function () { create['instance-info-notice'] = function () {
return $(h('div.cp-admin-instance-info-notice.cp-sidebarlayout-element', return $(h('div.cp-admin-instance-info-notice.cp-sidebarlayout-element',
h('div.alert.alert-info.cp-admin-bigger-alert', [ h('div.alert.alert-info.cp-admin-bigger-alert', [
@ -1932,10 +1940,8 @@ define([
return $div; return $div;
}; };
Messages.admin_enableDiskMeasurementsTitle = "Measure disk performance"; // XXX
Messages.admin_enableDiskMeasurementsHint = "If enabled, a JSON endpoint will be exposed under /api/profiling which keeps a running measurement of disk I/O within a configurable window (set below). This setting can impact server performance and may reveal data you'd rather keep hidden. It is recommended that you leave it disabled unless you know what you are doing."; // XXX
create['enable-disk-measurements'] = makeAdminCheckbox({ // Msg.admin_enableDiskMeasurementsTitle.admin_enableDiskMeasurementsHint create['enable-disk-measurements'] = makeAdminCheckbox({ // Msg.admin_enableDiskMeasurementsTitle.admin_enableDiskMeasurementsHint
hintElement: UIElements.setHTML(h('span'), Messages.admin_enableDiskMeasurementsHint),
key: 'enable-disk-measurements', key: 'enable-disk-measurements',
getState: function () { getState: function () {
return APP.instanceStatus.enableProfiling; return APP.instanceStatus.enableProfiling;
@ -1956,11 +1962,6 @@ define([
}, },
}); });
Messages.admin_bytesWrittenTitle = "Disk performance measurement window"; // XXX
Messages.admin_bytesWrittenHint = "If you have enabled disk performance measurements then the duration of the window can be configured below."; // XXX
Messages.admin_bytesWrittenDuration = "Duration of the window in milliseconds: {0}"; // XXX
Messages.admin_setDuration = "Set duration"; // XXX
var isPositiveInteger = function (n) { var isPositiveInteger = function (n) {
return n && typeof(n) === 'number' && n % 1 === 0 && n > 0; return n && typeof(n) === 'number' && n % 1 === 0 && n > 0;
}; };
@ -1974,7 +1975,7 @@ define([
var newDuration = h('input', {type: 'number', min: 0, value: duration}); var newDuration = h('input', {type: 'number', min: 0, value: duration});
var set = h('button.btn.btn-primary', Messages.admin_setDuration); var set = h('button.btn.btn-primary', Messages.admin_setDuration);
$div.append(h('div', [ $div.append(h('div', [
h('span.cp-admin-bytes-written-duration', Messages._getKey('admin_bytesWrittenDuration', [duration])), h('span.cp-admin-bytes-written-duration', Messages.ui_ms),
h('div.cp-admin-setlimit-form', [ h('div.cp-admin-setlimit-form', [
newDuration, newDuration,
h('nav', [set]) h('nav', [set])
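Review bot: In `flushCacheNotice` the anchor inside `Messages.admin_reviewCheckupNotice` gets an absolute `href` built from `ApiConfig.httpUnsafeOrigin` while its click handler calls `common.openURL('/checkup/')` with a relative path; if those two ever resolve to different origins (I cannot see how `openURL` resolves relative paths) the hover target and the real destination disagree. Deriving both from one value, e.g. `var checkupURL = new URL('/checkup/', ApiConfig.httpUnsafeOrigin).href;` and passing it to both `attr` and `openURL`, removes that ambiguity. `$(notice).find('a')` also assumes every translation of that string contains the `<a>`; a translation without it silently yields a paragraph with no link, which deserves a comment above the `find` call. In the new `hintElement` handling, `$hint.html('')` is more idiomatically `$hint.empty()`.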

@ -990,7 +990,7 @@ define([
'img-src': ["'self'", 'data:', 'blob:', $outer], 'img-src': ["'self'", 'data:', 'blob:', $outer],
'media-src': ['blob:'], 'media-src': ['blob:'],
'frame-ancestors': ApiConfig.disableEmbedding? [$outer, $sandbox]: ['*'], 'frame-ancestors': ApiConfig.enableEmbedding? ['*']: [$outer, $sandbox],
'worker-src': ["'self'"], 'worker-src': ["'self'"],
}); });
cb(result); cb(result);
@ -1028,7 +1028,7 @@ define([
], ],
'img-src': ["'self'", 'data:', 'blob:', $outer], 'img-src': ["'self'", 'data:', 'blob:', $outer],
'media-src': ['blob:'], 'media-src': ['blob:'],
'frame-ancestors': ApiConfig.disableEmbedding? [$outer, $sandbox]: ['*'], 'frame-ancestors': ApiConfig.enableEmbedding? ['*']: [$outer, $sandbox],
'worker-src': ["'self'"],//, $outer, $sandbox], 'worker-src': ["'self'"],//, $outer, $sandbox],
}); });
@ -1046,12 +1046,11 @@ define([
var checkAllowedOrigins = function (raw, url, msg, cb) { var checkAllowedOrigins = function (raw, url, msg, cb) {
var header = 'Access-Control-Allow-Origin'; var header = 'Access-Control-Allow-Origin';
var expected; var expected;
if (ApiConfig.disableEmbedding) { if (!ApiConfig.enableEmbedding) {
expected = trimmedSafe; expected = trimmedSafe;
msg.appendChild(h('span', [ msg.appendChild(h('span', [
'This instance has been configured to disable support for embedding assets and documents in third-party websites. ', 'This instance has not been configured to enable support for embedding assets and documents in third-party websites. ',
'In order for this setting to be effective while still permitting encrypted media to load locally ', 'In order for this setting to be effective while still permitting encrypted media to load locally the ',
'the ',
code(header), code(header),
' should only match trusted domains.', ' should only match trusted domains.',
' Under most circumstances it is sufficient to permit only the sandbox domain to load assets.', ' Under most circumstances it is sufficient to permit only the sandbox domain to load assets.',
@ -1061,19 +1060,18 @@ define([
expected = '*'; expected = '*';
msg.appendChild(h('span', [ msg.appendChild(h('span', [
"This instance has been configured to permit embedding assets and documents in third-party websites.", "This instance has been configured to permit embedding assets and documents in third-party websites.",
'Assets must be served with an ', 'In order for this setting to be effective, assets must be served with an ',
code(header), code(header),
' header with a value of ', ' header with a value of ',
code("'*'"), code("'*'"),
'.', '. Remote embedding can be disabled via the admin panel.',
' Remote embedding can be disabled via the admin panel.',
])); ]));
} }
if (raw === expected) { return void cb(true); } if (raw === expected) { return void cb(true); }
cb({ cb({
url: url, url: url,
response: raw, response: raw,
disableEmbedding: ApiConfig.disableEmbedding, enableEmbedding: ApiConfig.enableEmbedding,
}); });
}; };
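Review bot: The rewritten line in the permit-embedding message, `'In order for this setting to be effective, assets must be served with an '`, follows a string that ends in `websites.` with no separator, so the rendered span reads `websites.In order …`; the old text had the same join, but this hunk rewrites that line and should fix it. Add a leading space: `' In order for this setting to be effective, assets must be served with an '`. The disabled branch earlier in the section already ends its first sentence with `websites. ` and is fine. `checkAllowedOrigins` starts in the preceding hunk and `trimmedSafe` is defined outside this section.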

@ -781,7 +781,7 @@ define([
icon: "fa fa-link", icon: "fa fa-link",
active: !contactsActive, active: !contactsActive,
}]; }];
if (!opts.static && !ApiConfig.disableEmbedding && embeddableApps.includes(pathname)) { if (!opts.static && ApiConfig.enableEmbedding && embeddableApps.includes(pathname)) {
tabs.push({ tabs.push({
getTab: getEmbedTab, getTab: getEmbedTab,
title: Messages.share_embedCategory, title: Messages.share_embedCategory,
@ -977,7 +977,7 @@ define([
active: !hasFriends, active: !hasFriends,
}]; }];
if (!ApiConfig.disableEmbedding) { if (ApiConfig.enableEmbedding) {
tabs.push({ tabs.push({
getTab: getFileEmbedTab, getTab: getFileEmbedTab,
title: Messages.share_embedCategory, title: Messages.share_embedCategory,

@ -21,18 +21,18 @@ define([
common.initIframe = function (waitFor, isRt, pathname) { common.initIframe = function (waitFor, isRt, pathname) {
if (window.top !== window) { if (window.top !== window) {
if (ApiConfig.disableEmbedding) { if (!ApiConfig.enableEmbedding) {
return void window.alert(`This CryptPad instance's administrators have disabled remote embedding of its editors.`); return void window.alert(Messages.error_embeddingDisabled);
} }
// even where embedding is not forbidden it should still be limited // even where embedding is not forbidden it should still be limited
// to apps that are explicitly permitted // to apps that are explicitly permitted
if (!embeddableApps.includes(window.location.pathname)) { if (!embeddableApps.includes(window.location.pathname)) {
return void window.alert(`Embedding this CryptPad editor in remote pages is not supported.`); return void window.alert(Messages.error_embeddingDisabledSpecific);
} }
} }
if (window.location.origin !== ApiConfig.httpUnsafeOrigin) { if (window.location.origin !== ApiConfig.httpUnsafeOrigin) {
return void window.alert(`This page is configured to only be accessed via ${ApiConfig.httpUnsafeOrigin}.`); return void window.alert(Messages._getKey('error_incorrectAccess', [ApiConfig.httpUnsafeOrigin]));
} }
var requireConfig = RequireConfig(); var requireConfig = RequireConfig();
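Review bot: The `window.top !== window` check and its two alerts run in the embedded page and can be bypassed by any embedding site, so they are user-facing feedback rather than the control; the enforcing mechanism is the `frame-ancestors` directive that `commonCSP` emits from the same `enableEmbedding` flag elsewhere in this commit. Worth stating above the check: `// advisory only: the CSP frame-ancestors header is what actually blocks framing`. The three new keys `error_embeddingDisabled`, `error_embeddingDisabledSpecific` and `error_incorrectAccess` are not defined anywhere in this commit; if a translation bundle lacks them `window.alert` shows `undefined`, and if `Messages` is not among this module's dependencies (the define list sits above the hunk) the call throws instead. Presumably both are handled elsewhere, but worth confirming before merge.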
