Commit f23970aa authored by Nicolas Pernoud's avatar Nicolas Pernoud

fix: X-Frame-Options headers, styling, upload overwrite

parent 3cd2b97b
Pipeline #7635 passed with stages
in 2 minutes and 18 seconds
......@@ -22,17 +22,16 @@ $radius-small: 4px;
$body-background-color: $very-light-grey;
$card-content-padding: 2rem;
$navbar-item-img-max-height: 2.5rem;
$navbar-background-color: $light-grey;
$navbar-item-hover-color: $deep-blue;
$navbar-background-color: $light;
$navbar-item-hover-color: $primary;
$navbar-item-hover-background-color: $dark;
$navbar-item-active-color: $deep-blue;
$navbar-item-active-color: $primary;
$navbar-item-active-background-color: $very-light-grey;
$progress-border-radius: 0px;
$progress-indeterminate-duration: 1s;
$modal-card-head-padding: 15px;
$modal-card-head-background-color: $light;
$modal-card-head-background-color: $very-light-grey;
$modal-card-head-radius: $radius-small;
$modal-card-title-color: $very-light-grey;
// Bulma imports
@import "node_modules/bulma/sass/utilities/_all";
......@@ -193,7 +192,6 @@ a.navbar-item.is-active {
.modal-card-head .delete:hover {
background-color: $deep-blue;
transform: scale(1.1);
}
.modal-card-title {
......
......@@ -61,11 +61,11 @@ func (s webSecurityWriter) WriteHeader(code int) {
cspHeader = cspHeader + fmt.Sprintf("; frame-ancestors %v", s.source)
}
} else { // If not, forge a default CSP Header
cspHeader = fmt.Sprintf("default-src %[1]v 'self'; img-src %[1]v 'self' blob: data: ; script-src 'self' %[1]v %[2]v; style-src 'self' 'unsafe-inline'; frame-src http: %[1]v; frame-ancestors %[1]v", s.source, inline)
cspHeader = fmt.Sprintf("default-src %[1]v 'self'; img-src %[1]v 'self' blob: data: ; script-src 'self' %[1]v %[2]v; style-src 'self' 'unsafe-inline'; frame-src %[1]v; frame-ancestors %[1]v", s.source, inline)
}
// Set the resulting CSP Header
s.w.Header().Set("Content-Security-Policy", cspHeader)
s.w.Header().Set("X-Frame-Options", "SAMEORIGIN")
// s.w.Header().Set("X-Frame-Options", "SAMEORIGIN") // Deactivated as browsers take into account that header instead of frame ancestors
s.w.Header().Set("X-XSS-Protection", "1; mode=block")
s.w.Header().Set("Referrer-Policy", "strict-origin")
s.w.Header().Set("X-Content-Type-Options", "nosniff")
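Review bot: With the `X-Frame-Options` line disabled, framing protection now rests entirely on `frame-ancestors`, and in the branch above the `else` that directive is appended inside an `if` whose condition lies outside this hunk. If that condition can be false for a response that already carries a CSP header, the response would leave with no anti-framing control at all, so it is worth confirming that every path ends with a `frame-ancestors` directive (falling back to `frame-ancestors 'self'` if nothing else applies). The commented-out call is better deleted than kept as dead code, leaving only a comment such as `// X-Frame-Options is intentionally not set: framing is governed by the CSP frame-ancestors directive`. WriteHeader's body starts and ends outside the hunk.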
......
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
<svg xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="512"
height="512"
viewBox="0 0 135.46667 135.46667"
version="1.1"
id="svg8"
inkscape:version="0.92.4 (5da689c313, 2019-01-14)"
sodipodi:docname="logo.svg"
inkscape:export-filename="/home/nicolas/dev/Vestibule/web/assets/brand/logo.png"
inkscape:export-xdpi="96"
inkscape:export-ydpi="96">
<defs
id="defs2" />
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.35"
inkscape:cx="-136.97074"
inkscape:cy="-24.502816"
inkscape:document-units="mm"
inkscape:current-layer="layer1"
showgrid="false"
fit-margin-top="0"
fit-margin-left="0"
fit-margin-right="0"
fit-margin-bottom="0"
inkscape:window-width="1870"
inkscape:window-height="1019"
inkscape:window-x="50"
inkscape:window-y="27"
inkscape:window-maximized="1"
units="px" />
<metadata
id="metadata5">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Calque 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(-60.098213,-0.89344866)">
<rect
style="fill:#000000;fill-opacity:1;stroke-width:0.70605141"
id="rect817"
width="110.94254"
height="135.46666"
x="72.360275"
y="0.89345223"
inkscape:export-filename="/home/nicolas/dev/proxhibou_temp/web/favicon.png"
inkscape:export-xdpi="96"
inkscape:export-ydpi="96" />
<path
style="fill:#0d47a1;fill-opacity:1;stroke-width:0.83692497"
d="M 85.498214,7.8627842 170.16488,27.58243 v 78.41994 l -84.666666,23.38841 z"
id="rect820"
inkscape:connector-curvature="0"
sodipodi:nodetypes="ccccc"
inkscape:export-filename="/home/nicolas/dev/proxhibou_temp/web/favicon.png"
inkscape:export-xdpi="96"
inkscape:export-ydpi="96" />
<g
aria-label="V"
style="font-style:normal;font-weight:normal;font-size:10.58333302px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.26458332"
id="text825"
transform="matrix(9.8626344,0,0,8.4586653,-644.09366,-815.57641)"
inkscape:export-filename="/home/nicolas/dev/proxhibou_temp/web/favicon.png"
inkscape:export-xdpi="96"
inkscape:export-ydpi="96">
<path
d="m 77.678538,108.38988 -2.945557,-7.71529 h 1.090373 l 2.444295,6.49572 2.449463,-6.49572 h 1.085205 l -2.940389,7.71529 z"
style="stroke-width:0.26458332"
id="path827"
inkscape:connector-curvature="0" />
</g>
</g>
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" width="512" height="512" viewBox="0 0 135.46667 135.46667" version="1.1" id="svg8" inkscape:version="0.92.4 (5da689c313, 2019-01-14)" sodipodi:docname="logo.svg" inkscape:export-filename="/home/nicolas/dev/Vestibule/web/assets/brand/logo.png" inkscape:export-xdpi="96" inkscape:export-ydpi="96">
<defs id="defs2" />
<sodipodi:namedview id="base" pagecolor="#ffffff" bordercolor="#666666" borderopacity="1.0" inkscape:pageopacity="0.0" inkscape:pageshadow="2" inkscape:zoom="0.35" inkscape:cx="-136.97074" inkscape:cy="-24.502816" inkscape:document-units="mm" inkscape:current-layer="layer1" showgrid="false" fit-margin-top="0" fit-margin-left="0" fit-margin-right="0" fit-margin-bottom="0" inkscape:window-width="1870" inkscape:window-height="1019" inkscape:window-x="50" inkscape:window-y="27" inkscape:window-maximized="1" units="px" />
<metadata id="metadata5">
<rdf:RDF>
<cc:Work rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>
</metadata>
<g inkscape:label="Calque 1" inkscape:groupmode="layer" id="layer1" transform="translate(-60.098213,-0.89344866)">
<rect style="fill:#000000;fill-opacity:1;stroke-width:0.70605141" id="rect817" width="110.94254" height="135.46666" x="72.360275" y="0.89345223" inkscape:export-filename="/home/nicolas/dev/proxhibou_temp/web/favicon.png" inkscape:export-xdpi="96" inkscape:export-ydpi="96" />
<path style="fill:#3f51b5;fill-opacity:1;stroke-width:0.83692497" d="M 85.498214,7.8627842 170.16488,27.58243 v 78.41994 l -84.666666,23.38841 z" id="rect820" inkscape:connector-curvature="0" sodipodi:nodetypes="ccccc" inkscape:export-filename="/home/nicolas/dev/proxhibou_temp/web/favicon.png" inkscape:export-xdpi="96" inkscape:export-ydpi="96" />
<g aria-label="V" style="font-style:normal;font-weight:normal;font-size:10.58333302px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.26458332" id="text825" transform="matrix(9.8626344,0,0,8.4586653,-644.09366,-815.57641)" inkscape:export-filename="/home/nicolas/dev/proxhibou_temp/web/favicon.png" inkscape:export-xdpi="96" inkscape:export-ydpi="96">
<path d="m 77.678538,108.38988 -2.945557,-7.71529 h 1.090373 l 2.444295,6.49572 2.449463,-6.49572 h 1.085205 l -2.940389,7.71529 z" style="stroke-width:0.26458332" id="path827" inkscape:connector-curvature="0" />
</g>
</g>
</svg>
This source diff could not be displayed because it is too large. You can view the blob instead.
<?xml version="1.0" encoding="UTF-8"?>
<svg version="1.1" viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<svg version="1.1" viewBox="0 0 100 100"
xmlns="http://www.w3.org/2000/svg"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<metadata>
<rdf:RDF>
<cc:Work rdf:about="">
......@@ -10,7 +14,7 @@
</rdf:RDF>
</metadata>
<circle cx="50" cy="50" r="45" fill="none" stroke="#b0bec5" stroke-width="5" />
<path d="m5 50c0-24.853 20.147-45 45-45" fill="none" stroke="#304ffe" stroke-linecap="round" stroke-width="5">
<path d="m5 50c0-24.853 20.147-45 45-45" fill="none" stroke="#3f51b5" stroke-linecap="round" stroke-width="5">
<animateTransform attributeName="transform" dur="1s" from="0 50 50" repeatDur="indefinite" to="360 50 50" type="rotate" />
</path>
</svg>
......@@ -497,6 +497,7 @@ function openWebview(app) {
<div class="modal-background animate__animated animate__fadeIn"></div>
<div class="modal-card animate__animated animate__zoomIn">
<header class="modal-card-head">
<span class="icon mr-2"> <i class="fas fa-lg fa-${app.icon}" style="color: ${app.color};"></i> </span>
<p class="modal-card-title">${app.name}</p>
<button class="delete" aria-label="close" id="apps-webview-close"></button>
</header>
......
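Review bot: The added icon line interpolates `app.icon` and `app.color` straight into a class name and a `style` attribute with no escaping visible here. The same pattern is added in `Explorer.mount`, where `this.dav.icon`, `this.dav.color` and `this.dav.name` go into a template that is assigned to `card.innerHTML`. If these fields come from configuration that users or administrators can edit (not visible in this diff), a value containing a quote or markup would be parsed as HTML rather than shown as text. Safer is to render the static markup first and then set the values through the DOM, e.g. `title.textContent = this.dav.name` and `icon.style.color = this.dav.color`, or to pass them through an HTML-escaping helper before interpolation. openWebview's body starts and ends outside the hunk.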
......@@ -213,7 +213,7 @@ function displayDavs(inDavs) {
}
if (user.isAdmin || !dav.secured || dav.roles.some((r) => user.memberOf.includes(r))) {
document.getElementById(`davs-dav-open-${dav.id}`).addEventListener("click", function () {
openExplorerModal(dav.host, dav.writable, dav.passphrase != null && dav.passphrase !== "");
openExplorerModal(dav);
});
}
});
......@@ -434,11 +434,11 @@ async function pickIcon() {
document.getElementById("davs-icons-modal").classList.toggle("is-active");
}
function openExplorerModal(hostname, readwrite, encrypted) {
function openExplorerModal(dav) {
const modal = document.getElementById("davs-explorer-modal");
const card = document.getElementById("davs-explorer-modal-card");
const explorer = new Explorer(hostname);
explorer.mount("davs-explorer-modal-card", readwrite, encrypted);
const explorer = new Explorer(dav);
explorer.mount("davs-explorer-modal-card");
modal.classList.add("is-active");
AnimateCSS(modal, "fadeIn");
AnimateCSS(card, "zoomIn");
......
......@@ -9,20 +9,21 @@ import { Delete } from "/services/common/delete.js";
import { HandleError } from "/services/common/errors.js";
export class Explorer {
constructor(hostname) {
this.hostname = hostname;
this.fullHostname = `${location.protocol}//${hostname}${location.port !== "" ? ":" + location.port : ""}`;
constructor(dav) {
this.dav = dav;
this.hostname = dav.host;
this.fullHostname = `${location.protocol}//${this.hostname}${location.port !== "" ? ":" + location.port : ""}`;
this.files = [];
this.path = "/";
this.encrypted = this.dav.passphrase != null && this.dav.passphrase !== "";
}
async mount(mountpoint, readwrite, encrypted) {
this.readwrite = readwrite;
this.encrypted = encrypted;
async mount(mountpoint) {
const card = document.getElementById(mountpoint);
card.innerHTML = /* HTML */ `
<header class="modal-card-head">
<p class="modal-card-title">Explorer</p>
<span class="icon mr-2"> <i class="fas fa-lg fa-${this.dav.icon}" style="color: ${this.dav.color};"></i> </span>
<p class="modal-card-title">${this.dav.name}</p>
<button class="delete" aria-label="close" id="explorer-modal-close"></button>
</header>
<section id="explorer-modal-content" class="modal-card-body pt-0"></section>
......@@ -34,7 +35,7 @@ export class Explorer {
<i class="fas fa-arrow-circle-left"></i>
</span>
</button>
${this.readwrite
${this.dav.writable
? /* HTML */ `
<button id="explorer-modal-newfolder" class="button">
<span class="icon is-small">
......@@ -67,7 +68,7 @@ export class Explorer {
document.getElementById(`explorer-modal-back`).addEventListener("click", () => {
this.navigate(goUp(this.path));
});
if (this.readwrite) {
if (this.dav.writable) {
document.getElementById(`explorer-modal-newfolder`).addEventListener("click", () => {
this.newFolder();
});
......@@ -75,7 +76,7 @@ export class Explorer {
this.newTxt();
});
document.getElementById(`explorer-modal-upload`).addEventListener("change", (e) => {
this.upload(e.srcElement.files);
this.upload(e.target.files);
});
}
this.progress = document.getElementById(`explorer-modal-progress`);
......@@ -138,7 +139,7 @@ export class Explorer {
<span class="icon is-small"><i class="fas fa-download"></i></span>
</a>
`}
${this.readwrite
${this.dav.writable
? /* HTML */ `
<a id="file-${file.id}-rename" class="level-item">
<span class="icon is-small"><i class="fas fa-pen"></i></span>
......@@ -164,7 +165,7 @@ export class Explorer {
</div>
</nav>
</div>
${this.readwrite
${this.dav.writable
? /* HTML */ `
<div class="media-right">
<a id="file-${file.id}-delete">
......@@ -215,7 +216,7 @@ export class Explorer {
}
});
if (this.readwrite) {
if (this.dav.writable) {
document.getElementById(`file-${file.id}-rename`).addEventListener("click", (event) => {
event.stopPropagation();
this.rename(file);
......@@ -438,6 +439,11 @@ export class Explorer {
let id = this.files.length;
let fileIdx = 0;
for (const file of files) {
// Check for overwrite
if (this.files.some((e) => e.name === file.name)) {
Messages.Show("is-warning", `A file with the name "${file.name}" already exists, please remove the old file before upload.`);
continue;
}
id++;
fileIdx++;
file.path = path(onStartPath, file.name);
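Review bot: The new overwrite check in the upload loop compares only against `this.files`, the client's last listing, so it is a convenience for the user rather than a guarantee. A file created by another session since the listing was loaded, or a name that differs only in case on a case-insensitive backend, would pass the `e.name === file.name` test and still replace the existing file. If overwrite protection matters, it should also be enforced where the write happens, for instance by sending `If-None-Match: *` with the upload request (assuming the server honours it) and showing the same warning when the request is rejected. A short comment such as `// Client-side check only: relies on the current listing in this.files` would keep the limitation visible. The enclosing method starts and ends outside the hunk.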
......
......@@ -32,7 +32,7 @@
<div class="navbar-brand">
<div class="navbar-item">
<a class="button is-primary is-rounded is-outlined" href="https://www.github.com/nicolaspernoud/Vestibule" target="_blank" rel="noopener noreferrer">
<span>4.3.51</span>
<span>4.3.53</span>
<span class="icon">
<svg
class="svg-inline--fa fa-github fa-w-16"
......