Skip to content
This repository was archived by the owner on May 17, 2026. It is now read-only.

Hypothes.is

Jump to bottom
Tom Giles edited this page Feb 9, 2022 · 8 revisions

This repo adds the ability to read and annotate public PDFs using hypothes.is. This is based on Mozilla's pdf.js. The backend adds PdfViewerController which renders using layouts/hyku_addons/pdf_viewer.html.erb. This template loads the requried Javascript, plus files required for locales.

Security and Permissions

Hyku Addons uses standard Rails CORS setup and therefore any documents which are not on the same origin will be blocked. This means that the easiest way to serve files to Hypothes.is. Annotation is only possible for public PDF files. It is therefore necessary to override the actions partial for file sets. The logic for this partial might now seem complex, but in essence we check to see whether the user can perform more than one action on the file and render a list of actions if they can. Otherwise a button is rendered. Some user permission allow the user to perform multiple actions on the file. See here for more details.

Updating

Out of the box Hypothes.is will load any PDF given to it via a url parameter. In order to add a second layer of security the scripts were edited to prevent this. The script now uses the id in the hyrax download_url for a file_set and creates a url within hyrax only. See code here at line 1277:

parameters = Object.create(null);

const download_id = location.pathname.split('/')[2]
parameters.url = "/downloads/" + download_id
apiParameters = _app_options.AppOptions.getAll(_app_options.OptionKind.API);

The download_id is generated in the actions list (see code here):

hyrax.download_url(file_set.id).split("/")&.last&.split("?")&.first

Previous code:

parameters = Object.create(null);

if (typeof file === "string") {
  _this7.setTitleUsingUrl(file);

  parameters.url = file;
} else if (file && "byteLength" in file) {
  parameters.data = file;
} else if (file.url && file.originalUrl) {
  _this7.setTitleUsingUrl(file.originalUrl);
  parameters.url = file.url;
}

apiParameters = _app_options.AppOptions.getAll(_app_options.OptionKind.API);

If hypothes.is update their scripts and you wish to update them in this repo, the above change or equivalent will need to be made to the new script.

Clone this wiki locally