From 0f9e3670154efff084a27d53aad7271103ca29f0 Mon Sep 17 00:00:00 2001 From: Sheogorath Date: Thu, 20 Dec 2018 22:38:31 +0100 Subject: [PATCH 1/2] Fix broken Gist embedding Looks like GitHub changed their asset system and our CSP prevented them from getting loaded. This patch should fix the Gist embedding with enabled CSP by replacing the old URL `https://assets-cdn.github.com` with the new `https://github.githubassets.com`. Signed-off-by: Sheogorath --- lib/csp.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/csp.js b/lib/csp.js index 96be533..0bfd583 100644 --- a/lib/csp.js +++ b/lib/csp.js @@ -8,7 +8,7 @@ var defaultDirectives = { scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''], // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594 imgSrc: ['*'], - styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views + styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'], objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/ mediaSrc: ['*'], From 8835a09d954210f73460331b15e95ae3cf416eaf Mon Sep 17 00:00:00 2001 From: Daan Sprenkels Date: Fri, 21 Dec 2018 15:28:55 +0100 Subject: [PATCH 2/2] Update upload provider error message Fixes #1107. Signed-off-by: Daan Sprenkels --- lib/config/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/config/index.js b/lib/config/index.js index b848096..cbe6c39 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -165,7 +165,7 @@ if (config.sessionSecret === 'secret') { // Validate upload upload providers if (['filesystem', 's3', 'minio', 'imgur', 'azure'].indexOf(config.imageUploadType) === -1) { - logger.error('"imageuploadtype" is not correctly set. Please use "filesystem", "s3", "minio", "azure" or "imgur". Defaulting to "imgur"') + logger.error('"imageuploadtype" is not correctly set. Please use "filesystem", "s3", "minio", "azure" or "imgur". Defaulting to "filesystem"') config.imageUploadType = 'filesystem' }