Merge branch 'main' into main
This commit is contained in:
@@ -17,6 +17,7 @@ ADR-0086 introduced the `FilePreview` path for image binaries while keeping bina
|
||||
|
||||
- The scanner keeps the coarse `fileKind: "binary"` representation. Previewability stays a renderer concern inferred from the file extension in `src/utils/filePreview.ts`.
|
||||
- Supported images render with `<img>` and supported PDFs render with the webview PDF object renderer, both using Tauri asset URLs from `convertFileSrc`.
|
||||
- The Tauri CSP permits scoped asset URLs in `object-src` so PDF objects can load vault-backed files without broadening script, connect, or image policy.
|
||||
- PDF preview fallback content lives inside the PDF object so unsupported or failed renderers still expose an explicit "Open in default app" escape hatch.
|
||||
- Note-list rows for previewable images and PDFs remain clickable and carry file-specific indicators; unsupported binary rows stay muted and non-clickable.
|
||||
- `Escape` on the preview surface returns keyboard focus to the note list, matching the existing image-preview keyboard behavior.
|
||||
|
||||
@@ -37,7 +37,7 @@
|
||||
"style-src-attr": "'unsafe-inline'",
|
||||
"font-src": "'self' data: https://fonts.gstatic.com",
|
||||
"media-src": "'self' data: blob: https:",
|
||||
"object-src": "'none'"
|
||||
"object-src": "'self' asset: http://asset.localhost"
|
||||
},
|
||||
"assetProtocol": {
|
||||
"enable": true,
|
||||
|
||||
@@ -11,4 +11,12 @@ describe('Tauri Content Security Policy', () => {
|
||||
expect(csp['style-src-elem']).toContain('https://fonts.googleapis.com')
|
||||
expect(csp['style-src-attr']).toBe("'unsafe-inline'")
|
||||
})
|
||||
|
||||
it('allows PDF object previews from scoped Tauri asset URLs', () => {
|
||||
const config = JSON.parse(readFileSync(`${process.cwd()}/src-tauri/tauri.conf.json`, 'utf8'))
|
||||
const csp = config.app.security.csp as Record<string, string>
|
||||
|
||||
expect(csp['object-src']).toContain('asset:')
|
||||
expect(csp['object-src']).toContain('http://asset.localhost')
|
||||
})
|
||||
})
|
||||
|
||||
Reference in New Issue
Block a user