Bugfix csp header
Bugfix for loading metadata from google with old books (publishing date only year)
This commit is contained in:
parent
1cd05d614c
commit
a2bf6dfb7b
|
@ -140,7 +140,7 @@ def create_app():
|
|||
web_server.stop(True)
|
||||
sys.exit(7)
|
||||
for res in dependency_check() + dependency_check(True):
|
||||
log.info('*** "{}" version does not fit the requirements. '
|
||||
log.info('*** "{}" version does not meet the requirements. '
|
||||
'Should: {}, Found: {}, please consider installing required version ***'
|
||||
.format(res['name'],
|
||||
res['target'],
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
# Google Books api document: https://developers.google.com/books/docs/v1/using
|
||||
from typing import Dict, List, Optional
|
||||
from urllib.parse import quote
|
||||
from datetime import datetime
|
||||
|
||||
import requests
|
||||
|
||||
|
@ -81,7 +82,11 @@ class Google(Metadata):
|
|||
match.description = result["volumeInfo"].get("description", "")
|
||||
match.languages = self._parse_languages(result=result, locale=locale)
|
||||
match.publisher = result["volumeInfo"].get("publisher", "")
|
||||
match.publishedDate = result["volumeInfo"].get("publishedDate", "")
|
||||
try:
|
||||
datetime.strptime(result["volumeInfo"].get("publishedDate", ""), "%Y-%m-%d")
|
||||
match.publishedDate = result["volumeInfo"].get("publishedDate", "")
|
||||
except ValueError:
|
||||
match.publishedDate = ""
|
||||
match.rating = result["volumeInfo"].get("averageRating", 0)
|
||||
match.series, match.series_index = "", 1
|
||||
match.tags = result["volumeInfo"].get("categories", [])
|
||||
|
|
12
cps/web.py
12
cps/web.py
|
@ -85,13 +85,15 @@ def add_security_headers(resp):
|
|||
csp += " 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self'"
|
||||
if request.path.startswith("/author/") and config.config_use_goodreads:
|
||||
csp += " images.gr-assets.com i.gr-assets.com s.gr-assets.com"
|
||||
csp += " blob: data:;"
|
||||
csp += " object-src 'none';"
|
||||
resp.headers['Content-Security-Policy'] = csp
|
||||
csp += " data:"
|
||||
if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive:
|
||||
resp.headers['Content-Security-Policy'] += " *"
|
||||
csp += " *;"
|
||||
elif request.endpoint == "web.read_book":
|
||||
resp.headers['Content-Security-Policy'] += " style-src-elem 'self' blob: 'unsafe-inline';"
|
||||
csp += " style-src-elem 'self' blob: 'unsafe-inline';"
|
||||
else:
|
||||
csp += ";"
|
||||
csp += "object-src: 'none';"
|
||||
resp.headers['Content-Security-Policy'] = csp
|
||||
resp.headers['X-Content-Type-Options'] = 'nosniff'
|
||||
resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
||||
resp.headers['X-XSS-Protection'] = '1; mode=block'
|
||||
|
|
Loading…
Reference in New Issue
Block a user