diff --git a/app.coffee b/app.coffee
index f9b7760..56fd9bf 100644
--- a/app.coffee
+++ b/app.coffee
@@ -4,6 +4,8 @@ logger = require "logger-sharelatex"
 logger.initialize("clsi")
 smokeTest = require "smoke-test-sharelatex"
+Path = require "path"
+
 Metrics = require "metrics-sharelatex"
 Metrics.initialize("clsi")
 Metrics.open_sockets.monitor(logger)
@@ -33,7 +35,13 @@ app.delete "/project/:project_id", CompileController.clearCache
 app.get "/project/:project_id/sync/code", CompileController.syncFromCode
 app.get "/project/:project_id/sync/pdf", CompileController.syncFromPdf
-staticServer = express.static(Settings.path.compilesDir)
+staticServer = express.static Settings.path.compilesDir, setHeaders: (res, path, stat) ->
+ if Path.basename(path) == "output.pdf"
+ res.set("Content-Type", "application/pdf")
+ else
+ # Force plain treatment of other file types to prevent hosting of HTTP/JS files
+ # that could be used in same-origin/XSS attacks.
+ res.set("Content-Type", "text/plain")
 app.get "/project/:project_id/output/*", (req, res, next) ->
 req.url = "/#{req.params.project_id}/#{req.params[0]}"
 staticServer(req, res, next)
diff --git a/test/acceptance/fixtures/examples/knitr/output.pdf b/test/acceptance/fixtures/examples/knitr/output.pdf
index 133becb..a1f9379 100644
Binary files a/test/acceptance/fixtures/examples/knitr/output.pdf and b/test/acceptance/fixtures/examples/knitr/output.pdf differ
diff --git a/test/acceptance/fixtures/examples/markdown-included/chapters/chapter1.md b/test/acceptance/fixtures/examples/markdown-included/chapters/chapter1.md
deleted file mode 100644
index 920d9be..0000000
--- a/test/acceptance/fixtures/examples/markdown-included/chapters/chapter1.md
+++ /dev/null
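Review bot: The `else` branch of the new `setHeaders` callback labels every other compile output as `text/plain` but does nothing to stop browsers from content-sniffing the body, and `text/plain` is a type some browsers are known to sniff, so an HTML-looking output file could still be rendered in this origin. Adding `res.set("X-Content-Type-Options", "nosniff")` at the top of the callback, before the `if`, would cover both branches; nothing visible in this hunk sets that header elsewhere. The `Path.basename(path) == "output.pdf"` test also matches a file of that name in any subdirectory of the compile directory, which looks acceptable because it is only ever labelled as PDF, but a one-line comment saying so would help the next reader. The existing comment's "HTTP/JS files" presumably means "HTML/JS files".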
@@ -1,17 +0,0 @@
-Section Title
--------------
-
-* List item one
-* List item two
-
-: Sample grid table.
-
-+---------------+---------------+--------------------+
-| Fruit | Price | Advantages |
-+===============+===============+====================+
-| Bananas | $1.34 | - built-in wrapper |
-| | | - bright color |
-+---------------+---------------+--------------------+
-| Oranges | $2.10 | - cures scurvy |
-| | | - tasty |
-+---------------+---------------+--------------------+
diff --git a/test/acceptance/fixtures/examples/markdown-included/main.tex b/test/acceptance/fixtures/examples/markdown-included/main.tex
deleted file mode 100644
index bfda962..0000000
--- a/test/acceptance/fixtures/examples/markdown-included/main.tex
+++ /dev/null
@@ -1,9 +0,0 @@
-\documentclass{article}
-\usepackage{longtable}
-\usepackage{booktabs, multicol, multirow}
-
-\begin{document}
-
-\input{chapters/chapter1}
-
-\end{document}
diff --git a/test/acceptance/fixtures/examples/markdown-included/output.pdf b/test/acceptance/fixtures/examples/markdown-included/output.pdf
deleted file mode 100644
index 81a1136..0000000
Binary files a/test/acceptance/fixtures/examples/markdown-included/output.pdf and /dev/null differ
diff --git a/test/acceptance/fixtures/examples/markdown-standalone/main.md b/test/acceptance/fixtures/examples/markdown-standalone/main.md
deleted file mode 100644
index 036d971..0000000
--- a/test/acceptance/fixtures/examples/markdown-standalone/main.md
+++ /dev/null
@@ -1,23 +0,0 @@
-% Title
-% Author
-% Date
-
-Chapter title
-=============
-
-Section Title
--------------
-
-Hello world. Have a nice table:
-
-: Sample grid table.
-
-+---------------+---------------+--------------------+
-| Fruit | Price | Advantages |
-+===============+===============+====================+
-| Bananas | $1.34 | - built-in wrapper |
-| | | - bright color |
-+---------------+---------------+--------------------+
-| Oranges | $2.10 | - cures scurvy |
-| | | - tasty |
-+---------------+---------------+--------------------+
diff --git a/test/acceptance/fixtures/examples/markdown-standalone/output.pdf b/test/acceptance/fixtures/examples/markdown-standalone/output.pdf
deleted file mode 100644
index 9991ab8..0000000
Binary files a/test/acceptance/fixtures/examples/markdown-standalone/output.pdf and /dev/null differ