Bugfix csp header

Bugfix for loading metadata from google with old books (publishing date only year)
2023-01-21 17:01:34 +01:00 · 2023-01-21 17:01:34 +01:00 · a2bf6dfb7b
commit a2bf6dfb7b
parent 1cd05d614c
3 changed files with 14 additions and 7 deletions
--- a/cps/init.py
+++ b/cps/init.py
@ -140,7 +140,7 @@ def create_app():
        web_server.stop(True)
        sys.exit(7)
    for res in dependency_check() + dependency_check(True):
-        log.info('*** "{}" version does not fit the requirements. '
+        log.info('*** "{}" version does not meet the requirements. '
                 'Should: {}, Found: {}, please consider installing required version ***'
                 .format(res['name'],
                         res['target'],
--- a/cps/metadata_provider/google.py
+++ b/cps/metadata_provider/google.py
@ -19,6 +19,7 @@
 # Google Books api document: https://developers.google.com/books/docs/v1/using
 from typing import Dict, List, Optional
 from urllib.parse import quote
+from datetime import datetime

 import requests

@ -81,7 +82,11 @@ class Google(Metadata):
        match.description = result["volumeInfo"].get("description", "")
        match.languages = self._parse_languages(result=result, locale=locale)
        match.publisher = result["volumeInfo"].get("publisher", "")
-        match.publishedDate = result["volumeInfo"].get("publishedDate", "")
+        try:
+            datetime.strptime(result["volumeInfo"].get("publishedDate", ""), "%Y-%m-%d")
+            match.publishedDate = result["volumeInfo"].get("publishedDate", "")
+        except ValueError:
+            match.publishedDate = ""
        match.rating = result["volumeInfo"].get("averageRating", 0)
        match.series, match.series_index = "", 1
        match.tags = result["volumeInfo"].get("categories", [])
--- a/cps/web.py
+++ b/cps/web.py
@ -85,13 +85,15 @@ def add_security_headers(resp):
    csp += " 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self'"
    if request.path.startswith("/author/") and config.config_use_goodreads:
        csp += " images.gr-assets.com i.gr-assets.com s.gr-assets.com"
-    csp += " blob: data:;"
-    csp += " object-src 'none';"
-    resp.headers['Content-Security-Policy'] = csp
+    csp += " data:"
    if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive:
-        resp.headers['Content-Security-Policy'] += " *"
+        csp += " *;"
    elif request.endpoint == "web.read_book":
-        resp.headers['Content-Security-Policy'] += " style-src-elem 'self' blob: 'unsafe-inline';"
+        csp += " style-src-elem 'self' blob: 'unsafe-inline';"
+    else:
+        csp += ";"
+    csp += "object-src: 'none';"
+    resp.headers['Content-Security-Policy'] = csp
    resp.headers['X-Content-Type-Options'] = 'nosniff'
    resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
    resp.headers['X-XSS-Protection'] = '1; mode=block'