From a2bf6dfb7bada1b086b8d6e12596c7a4627037f9 Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs
Date: Sat, 21 Jan 2023 17:01:34 +0100
Subject: [PATCH] Bugfix csp header Bugfix for loading metadata from google with old books (publishing date only year)
---
 cps/__init__.py | 2 +-
 cps/metadata_provider/google.py | 7 ++++++-
 cps/web.py | 12 +++++++-----
 3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/cps/__init__.py b/cps/__init__.py
index 1ba1f778..d9980778 100644
--- a/cps/__init__.py
+++ b/cps/__init__.py
@@ -140,7 +140,7 @@ def create_app():
 web_server.stop(True)
 sys.exit(7)
 for res in dependency_check() + dependency_check(True):
- log.info('*** "{}" version does not fit the requirements. '
+ log.info('*** "{}" version does not meet the requirements. '
 'Should: {}, Found: {}, please consider installing required version ***'
 .format(res['name'],
 res['target'],
diff --git a/cps/metadata_provider/google.py b/cps/metadata_provider/google.py
index c5522533..ba7e10af 100644
--- a/cps/metadata_provider/google.py
+++ b/cps/metadata_provider/google.py
@@ -19,6 +19,7 @@
 # Google Books api document: https://developers.google.com/books/docs/v1/using
 from typing import Dict, List, Optional
 from urllib.parse import quote
+from datetime import datetime
 import requests
@@ -81,7 +82,11 @@ class Google(Metadata):
 match.description = result["volumeInfo"].get("description", "")
 match.languages = self._parse_languages(result=result, locale=locale)
 match.publisher = result["volumeInfo"].get("publisher", "")
- match.publishedDate = result["volumeInfo"].get("publishedDate", "")
+ try:
+ datetime.strptime(result["volumeInfo"].get("publishedDate", ""), "%Y-%m-%d")
+ match.publishedDate = result["volumeInfo"].get("publishedDate", "")
+ except ValueError:
+ match.publishedDate = ""
 match.rating = result["volumeInfo"].get("averageRating", 0)
 match.series, match.series_index = "", 1
 match.tags = result["volumeInfo"].get("categories", [])
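Review bot: In the second `google.py` hunk the new `try` block keeps `publishedDate` only when it parses as `%Y-%m-%d`, so the year-only values the commit message mentions are replaced with an empty string rather than preserved. If that loss is intended, a comment above the `try` would say so, e.g. `# partial dates (e.g. year only) are dropped, not normalised`. The value comes from an external API response and is looked up twice; binding it once with `published = result["volumeInfo"].get("publishedDate", "")` and catching `except (ValueError, TypeError):` would also cover a non-string value such as a JSON null, which `strptime` rejects with TypeError. The enclosing method starts and ends outside the hunk.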
diff --git a/cps/web.py b/cps/web.py
index 7f2f2b41..036681ea 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -85,13 +85,15 @@ def add_security_headers(resp):
 csp += " 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self'"
 if request.path.startswith("/author/") and config.config_use_goodreads:
 csp += " images.gr-assets.com i.gr-assets.com s.gr-assets.com"
- csp += " blob: data:;"
- csp += " object-src 'none';"
- resp.headers['Content-Security-Policy'] = csp
+ csp += " data:"
 if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive:
- resp.headers['Content-Security-Policy'] += " *"
+ csp += " *;"
 elif request.endpoint == "web.read_book":
- resp.headers['Content-Security-Policy'] += " style-src-elem 'self' blob: 'unsafe-inline';"
+ csp += " style-src-elem 'self' blob: 'unsafe-inline';"
+ else:
+ csp += ";"
+ csp += "object-src: 'none';"
+ resp.headers['Content-Security-Policy'] = csp
 resp.headers['X-Content-Type-Options'] = 'nosniff'
 resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
 resp.headers['X-XSS-Protection'] = '1; mode=block'
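Review bot: The added line `csp += "object-src: 'none';"` writes the directive name with a trailing colon, and CSP directive names carry none, so a browser will most likely treat `object-src:` as an unknown directive and ignore it. The policy then no longer restricts plugin content explicitly, and `<object>`/`<embed>` loads fall back to whatever `default-src` allows, which is set outside this hunk. The removed line had the correct spelling; the new one should read `csp += " object-src 'none';"`. A test that asserts the exact header value for the edit-book, read-book and default endpoints would catch this kind of typo. The start of `add_security_headers` is outside the hunk.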