added csp directives

2017-07-12 10:56:04 -07:00 · 2017-07-12 10:56:04 -07:00 · 9234bce75d
parent b32e63c305
commit 9234bce75d
5 changed files with 37 additions and 12 deletions
--- a/frontend/src/download.js
+++ b/frontend/src/download.js
@ -9,7 +9,8 @@ $(document).ready(function() {
  $('#send-file').click(() => {
    window.location.replace(`${window.location.origin}`);
  });
-  const download = () => {
+  $('#download-btn').click(download);
  function download() {
    const fileReceiver = new FileReceiver();
    const name = document.createElement('p');
    const $btn = $('#download-btn');
@ -84,7 +85,5 @@ $(document).ready(function() {
        Raven.captureException(err);
        return Promise.reject(err);
      });
-  };
+  }
  window.download = download;
 });
--- a/frontend/src/upload.js
+++ b/frontend/src/upload.js
@ -10,6 +10,8 @@ $(document).ready(function() {
    $('#compliance-error').show();
  });
  $('#file-upload').change(onUpload);
  $('#page-one').on('dragover', allowDrop).on('drop', onUpload);
  // reset copy button
  const $copyBtn = $('#copy-btn');
  $copyBtn.attr('disabled', false);
@ -61,11 +63,11 @@ $(document).ready(function() {
  });
  // on file upload by browse or drag & drop
-  window.onUpload = event => {
+  function onUpload(event) {
    event.preventDefault();
    let file = '';
    if (event.type === 'drop') {
-      file = event.dataTransfer.files[0];
+      file = event.originalEvent.dataTransfer.files[0];
    } else {
      file = event.target.files[0];
    }
@ -143,11 +145,11 @@ $(document).ready(function() {
        $('#page-one').hide();
        $('#upload-error').show();
      });
-  };
+  }
-  window.allowDrop = function(ev) {
+  function allowDrop(ev) {
    ev.preventDefault();
-  };
+  }
  function checkExistence(id, populate) {
    const xhr = new XMLHttpRequest();
--- a/server/server.js
+++ b/server/server.js
@ -32,6 +32,30 @@ app.engine(
 app.set('view engine', 'handlebars');
 app.use(helmet());
 app.use(
  helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ['\'self\''],
      connectSrc: [
        '\'self\'',
        'https://sentry.prod.mozaws.net',
        'https://www.google-analytics.com',
        'https://ssl.google-analytics.com'
      ],
      imgSrc: [
        '\'self\'',
        'https://www.google-analytics.com',
        'https://ssl.google-analytics.com'
      ],
      scriptSrc: ['\'self\'', 'https://ssl.google-analytics.com'],
      styleSrc: ['\'self\'', 'https://code.cdn.mozilla.net'],
      fontSrc: ['\'self\'', 'https://code.cdn.mozilla.net'],
      formAction: ['\'none\''],
      frameAncestors: ['\'none\''],
      objectSrc: ['\'none\'']
    }
  })
 );
 app.use(busboy());
 app.use(bodyParser.json());
 app.use(express.static(STATIC_PATH));
--- a/views/download.handlebars
+++ b/views/download.handlebars
@ -23,7 +23,7 @@
      </div>
      <div id="download-page-one">
        <div>
-          <button id="download-btn" onclick="download()">Download File</button>
+          <button id="download-btn">Download File</button>
        </div>
        <div id='expired-img'>
          <img src='/resources/link_expired.png' />
--- a/views/index.handlebars
+++ b/views/index.handlebars
@ -19,7 +19,7 @@
      <div class="title">
        Share your files quickly, privately and securely.
      </div>
-      <div class="upload-window" ondrop="onUpload(event)" ondragover="allowDrop(event)">
+      <div class="upload-window">
        <div id="upload-img"><img src="/resources/upload.svg" alt="Upload"/></div>
        <div>
          DRAG &amp; DROP
@ -31,7 +31,7 @@
          <div id="browse">
            <form method="post" action="upload" enctype="multipart/form-data">
              <label for="file-upload" class="file-upload">browse</label>
-              <input id="file-upload" type="file" onchange="onUpload(event)" name="fileUploaded" />
+              <input id="file-upload" type="file" name="fileUploaded" />
            </form>
          </div>
        </div>