diff --git a/CHANGELOG.md b/CHANGELOG.md index d2820cdd..43de8c20 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,7 @@ Release date: TBD ### Bug Fixes - Fixed wrong cursor for "Edit" and "Remove" in Setting page - Fixed an issue where "Zoom in/out" does not properly work + - YouTube preview works, even if mixed content is allowed #### Windows - The accelerator of "Redo" is now shown as `Ctrl+Y` diff --git a/package.json b/package.json index d00d59cf..b629b73b 100644 --- a/package.json +++ b/package.json @@ -44,7 +44,7 @@ "chai-as-promised": "^5.3.0", "cross-env": "^3.1.2", "devtron": "^1.3.0", - "electron": "1.4.2", + "electron": "1.4.6", "electron-builder": "^7.11.2", "electron-connect": "~0.6.0", "eslint": "^3.4.0", diff --git a/src/browser/index.jsx b/src/browser/index.jsx index 89f08dc7..bb0dd8a7 100644 --- a/src/browser/index.jsx +++ b/src/browser/index.jsx @@ -392,10 +392,10 @@ var MattermostView = React.createClass({ var self = this; var webview = ReactDOM.findDOMNode(this.refs.webview); - // This option disables the same-origin policy and allows js/css/plugins not only content like images. + // This option allows insecure content, when set to true it is possible to + // load content via HTTP while the mattermost server serves HTTPS if (config.disablewebsecurity === true) { - // webview.setAttribute('disablewebsecurity', false) disables websecurity. (electron's bug?) - webview.setAttribute('disablewebsecurity', true); + webview.setAttribute('webpreferences', 'allowDisplayingInsecureContent'); } webview.addEventListener('did-fail-load', (e) => { diff --git a/test/specs/browser/settings_test.js b/test/specs/browser/settings_test.js index 1ae061ce..ff1e07a5 100644 --- a/test/specs/browser/settings_test.js +++ b/test/specs/browser/settings_test.js @@ -92,7 +92,9 @@ describe('browser/settings.html', function desc() { describe('Allow mixed content', () => { [true, false].forEach((v) => { it(`should be saved and loaded: ${v}`, () => { + const webPreferences = v ? 'allowDisplayingInsecureContent' : ''; env.addClientCommands(this.app.client); + return this.app.client. loadSettingsPage(). scroll('#inputDisableWebSecurity'). @@ -107,19 +109,19 @@ describe('browser/settings.html', function desc() { const savedConfig = JSON.parse(fs.readFileSync(env.configFilePath, 'utf8')); savedConfig.disablewebsecurity.should.equal(v); }). - getAttribute('.mattermostView', 'disablewebsecurity').then((disablewebsecurity) => { // confirm actual behavior + getAttribute('.mattermostView', 'webpreferences').then((disablewebsecurity) => { // confirm actual behavior // disablewebsecurity is an array of String disablewebsecurity.forEach((d) => { - v.toString().should.equal(d); + d.should.equal(webPreferences); }); }).then(() => { return this.app.restart(); }).then(() => { env.addClientCommands(this.app.client); return this.app.client. // confirm actual behavior - getAttribute('.mattermostView', 'disablewebsecurity').then((disablewebsecurity) => { // disablewebsecurity is an array of String + getAttribute('.mattermostView', 'webpreferences').then((disablewebsecurity) => { // disablewebsecurity is an array of String disablewebsecurity.forEach((d) => { - v.toString().should.equal(d); + d.should.equal(webPreferences); }); }). loadSettingsPage().