Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix e2e attachment download by using iframes. #562

Merged
merged 15 commits into from Dec 2, 2016

Conversation

@NegativeMjark
Copy link
Contributor

commented Nov 17, 2016

Allows users to download attachments that are bigger than 2MB.

@NegativeMjark NegativeMjark self-assigned this Nov 17, 2016

@matrixbot

This comment has been minimized.

Copy link
Member

commented Nov 17, 2016

Can one of the admins verify this patch?

NegativeMjark added some commits Nov 17, 2016

Merge remote-tracking branch 'origin/develop' into markjh/attachment_…
…download

Conflicts:
	src/components/views/messages/MAudioBody.js
	src/components/views/messages/MFileBody.js
	src/components/views/messages/MImageBody.js
	src/components/views/messages/MVideoBody.js
@NegativeMjark

This comment has been minimized.

Copy link
Contributor Author

commented Nov 28, 2016

Needs vector-im/riot-web#2659 otherwise the download links will look awful.

@NegativeMjark NegativeMjark assigned dbkr and unassigned NegativeMjark Nov 28, 2016

// ordinary javascript function which then is turned into a string using
// toString().
//
const DEFAULT_CROSS_ORIGIN_RENDERER = "https://usercontent.riot.im/v1.html";

This comment has been minimized.

Copy link
@NegativeMjark

NegativeMjark Nov 28, 2016

Author Contributor

This should probably be configurable. But I can't see a nice way to get values from vector-web's config.json to here.

@dbkr
Copy link
Member

left a comment

Couple of comment typos. Agree on the usercontent location, wonder if there's a way to get the config option through nicely

// For attachments downloaded directly from the homeserver we can use
// Content-Security-Policy headers to disable script execution.
//
// But attachments with end-to-end ecryption are more difficult to handle.

This comment has been minimized.

Copy link
@dbkr

dbkr Nov 29, 2016

Member

ecryption

// the downside of using a sandboxed iframe is that the browers are overly
// restrictive in what you are allowed to do with the generated URL.
//
// For now given how unusable the blobs generated in sandboxed iframes we'll

This comment has been minimized.

Copy link
@dbkr

dbkr Nov 29, 2016

Member

how unusable the blobs generated in sandboxed iframes are ?

thumbnailPromise.then((thumbnailUrl) => {
decryptFile(content.file).then((contentUrl) => {
decryptFile(content.file).then(function(blob) {

This comment has been minimized.

Copy link
@Kegsay

Kegsay Dec 2, 2016

Contributor

This promise is being dropped to the floor if it rejects.

thumbnailPromise.then((thumbnailUrl) => {
decryptFile(content.file).then((contentUrl) => {
decryptFile(content.file).then(function(blob) {

This comment has been minimized.

Copy link
@Kegsay

Kegsay Dec 2, 2016

Contributor

This promise is being dropped to the floor if it rejects.

dbkr and others added some commits Dec 2, 2016

Put the config in the React context.
Use it in MFileBody to configure the cross origin renderer URL.
Merge pull request #578 from matrix-org/dbkr/attachment_download_conf…
…ig_context

Put the config in the React context.
@dbkr

dbkr approved these changes Dec 2, 2016

@NegativeMjark NegativeMjark merged commit 81e429e into develop Dec 2, 2016

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

@dbkr dbkr deleted the markjh/attachment_download branch Dec 14, 2016

Half-Shot added a commit to Half-Shot/matrix-react-sdk that referenced this pull request Feb 9, 2017

Fix e2e attachment download by using iframes. (matrix-org#562)
* Render attachments inside iframes.

* Fix up the image and video views

* Fix m.audio

* Comments, and only use the cross domain renderer if the attachment is encrypted

* Fix whitespace

* Don't decrypt file attachments immediately

* Use https://usercontent.riot.im/v1.html by default

* typos

* Put the config in the React context.

Use it in MFileBody to configure the cross origin renderer URL.

* Call it appConfig in the context

* Return the promises so they don't get dropped
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.