Bump version to 3.4.10

Fixes https://github.com/timvisee/send/issues/29

.gitattributes

@@ -1,2 +1,2 @@
-public/locales/* linguist-documentation
+public/locales/*/*.ftl linguist-documentation
-docs/* linguist-documentation
+docs/** linguist-documentation

app/main.css

@@ -118,7 +118,7 @@ details {
   overflow: hidden;
 }
 
-details > summary::-webkit-details-marker {
+details > summary::marker {
   display: none;
 }
 

docs/deployment.md

@@ -13,7 +13,7 @@ For Debian/Ubuntu systems this probably just means something like this:
 ## Building
 * We assume an already configured virtual-host on your webserver with an existing empty htdocs folder
 * First, remove that htdocs folder - we will replace it with Send's version now
-* git clone https://github.com/mozilla/send.git htdocs
+* git clone https://github.com/timvisee/send.git htdocs
 * Make now sure you are NOT root but rather the user your webserver is serving files under (e.g. "su www-data" or whoever the owner of your htdocs folder is)
 * npm install
 * npm run build

package.json

@@ -1,7 +1,7 @@
 {
   "name": "send",
   "description": "File Sharing Experiment",
-  "version": "3.4.8",
+  "version": "3.4.10",
   "author": "Mozilla (https://mozilla.org)",
   "contributors": [
     "Tim Visee <3a4fb3964f@sinenomine.email> (https://timvisee.com)"
@@ -30,7 +30,7 @@
     "test:report": "nyc report --reporter=html",
     "test-integration": "cross-env NODE_ENV=development wdio test/wdio.docker.conf.js",
     "circleci-test-integration": "echo 'webdriverio tests need to be updated to node 12'",
-    "start": "npm run clean && cross-env NODE_ENV=development L10N_DEV=true FXA_CLIENT_ID=fced6b5e3f4c66b9 BASE_URL=http://localhost:8080 webpack-dev-server --mode=development",
+    "start": "npm run clean && cross-env NODE_ENV=development L10N_DEV=true BASE_URL=http://localhost:8080 DETECT_BASE_URL=true webpack-dev-server --mode=development",
     "android": "cross-env ANDROID=1 npm start",
     "prod": "node server/bin/prod.js"
   },
@@ -64,10 +64,10 @@
     "node": "^15.5.1"
   },
   "devDependencies": {
-    "@babel/core": "^7.13.16",
+    "@babel/core": "^7.14.0",
     "@babel/plugin-proposal-class-properties": "^7.13.0",
     "@babel/plugin-syntax-dynamic-import": "^7.2.0",
-    "@babel/preset-env": "^7.13.15",
+    "@babel/preset-env": "^7.14.1",
     "@dannycoates/webcrypto-liner": "^0.1.37",
     "@fullhuman/postcss-purgecss": "^1.3.0",
     "@mattiasbuelens/web-streams-polyfill": "0.2.1",
@@ -78,7 +78,7 @@
     "base64-js": "^1.5.1",
     "content-disposition": "^0.5.3",
     "copy-webpack-plugin": "^5.1.2",
-    "core-js": "^3.10.2",
+    "core-js": "^3.12.0",
     "crc": "^3.8.0",
     "cross-env": "^6.0.3",
     "css-loader": "^3.6.0",
@@ -117,7 +117,7 @@
     "script-loader": "^0.7.2",
     "sinon": "^7.5.0",
     "string-hash": "^1.1.3",
-    "stylelint": "^13.12.0",
+    "stylelint": "^13.13.1",
     "stylelint-config-standard": "^19.0.0",
     "stylelint-no-unsupported-browser-features": "^4.1.4",
     "svgo": "^1.3.2",
@@ -135,9 +135,9 @@
     "@dannycoates/express-ws": "^5.0.3",
     "@fluent/bundle": "^0.13.0",
     "@fluent/langneg": "^0.3.0",
-    "@google-cloud/storage": "^5.8.4",
+    "@google-cloud/storage": "^5.8.5",
     "@sentry/node": "^5.30.0",
-    "aws-sdk": "^2.889.0",
+    "aws-sdk": "^2.902.0",
     "body-parser": "^1.19.0",
     "choo": "^7.0.0",
     "cldr-core": "^35.1.0",

public/locales/nl/send.ftl

@@ -28,7 +28,7 @@ notSupportedOutdatedDetail = Helaas ondersteunt deze versie van Firefox de webte
 updateFirefox = Firefox bijwerken
 deletePopupCancel = Annuleren
 deleteButtonHover = Verwijderen
-footerText = Niet aangesloten aan Mozilla of Firefox.
+footerText = Niet gelieerd aan Mozilla of Firefox.
 footerLinkDonate = Doneren
 footerLinkCli = CLI
 footerLinkDmca = DMCA
@@ -52,7 +52,7 @@ passwordSetError = Dit wachtwoord kon niet worden ingesteld
 -send-short-brand = Send
 -firefox = Firefox
 -mozilla = Mozilla
-introTitle = Eenvoudig, privé bestanden delen
+introTitle = Bestanden delen, eenvoudig en privé 
 introDescription = Met { -send-brand } kunt u bestanden delen met end-to-endversleuteling en een koppeling die automatisch verloopt. Hierdoor kunt u privé houden wat u wilt delen en er zeker van zijn dat uw zaken niet voor altijd online blijven.
 notifyUploadEncryptDone = Uw bestand is versleuteld en klaar voor verzending
 # downloadCount is from the downloadCount string and timespan is a timespanMinutes string. ex. 'Expires after 2 downloads or 25 minutes'

server/config.js

@@ -130,6 +130,11 @@ const conf = convict({
     default: 'https://send.firefox.com',
     env: 'BASE_URL'
   },
+  detect_base_url: {
+    format: Boolean,
+    default: false,
+    env: 'DETECT_BASE_URL'
+  },
   file_dir: {
     format: 'String',
     default: `${tmpdir()}${path.sep}send-${randomBytes(4).toString('hex')}`,
@@ -206,4 +211,17 @@ const conf = convict({
 conf.validate({ allowed: 'strict' });
 
 const props = conf.getProperties();
-module.exports = props;
+
+const deriveBaseUrl = req => {
+  if (!props.detect_base_url) {
+    return props.base_url;
+  }
+
+  const protocol = req.secure ? 'https://' : 'http://';
+  return `${protocol}${req.headers.host}`;
+};
+
+module.exports = {
+  ...props,
+  deriveBaseUrl
+};

server/routes/index.js

@@ -36,9 +36,14 @@ module.exports = function(app) {
         defaultSrc: ["'self'"],
         connectSrc: [
           "'self'",
-          config.base_url.replace(/^https:\/\//, 'wss://')
+          function(req) {
+            const baseUrl = config.deriveBaseUrl(req);
+            const r = baseUrl.replace(/^http(s?):\/\//, 'ws$1://');
+            console.log([baseUrl, r]);
+            return r;
+          }
         ],
-        imgSrc: ["'self'"],
+        imgSrc: ["'self'", 'data:'],
         scriptSrc: [
           "'self'",
           function(req) {
@@ -52,10 +57,6 @@ module.exports = function(app) {
       }
     };
 
-    csp.directives.connectSrc.push(
-      config.base_url.replace(/^https:\/\//, 'wss://')
-    );
-
     app.use(helmet.contentSecurityPolicy(csp));
   }
 

server/routes/upload.js

@@ -28,8 +28,7 @@ module.exports = async function(req, res) {
     //this hasn't been updated to expiration time setting yet
     //if you want to fallback to this code add this
     await storage.set(newId, fileStream, meta, config.default_expire_seconds);
-    const protocol = config.env === 'production' ? 'https' : req.protocol;
+    const url = `${config.deriveBaseUrl(req)}/download/${newId}/`;
-    const url = `${protocol}://${req.get('host')}/download/${newId}/`;
     res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
     res.json({
       url,

server/routes/ws.js

@@ -65,8 +65,7 @@ module.exports = function(ws, req) {
         nonce: crypto.randomBytes(16).toString('base64')
       };
 
-      const protocol = config.env === 'production' ? 'https' : req.protocol;
+      const url = `${config.deriveBaseUrl(req)}/download/${newId}/`;
-      const url = `${protocol}://${req.get('host')}/download/${newId}/`;
 
       ws.send(
         JSON.stringify({

server/state.js

@@ -23,6 +23,7 @@ module.exports = async function(req) {
   if (config.survey_url) {
     prefs.surveyUrl = config.survey_url;
   }
+  const baseUrl = config.deriveBaseUrl(req);
   return {
     archive: {
       numFiles: 0
@@ -33,7 +34,7 @@ module.exports = async function(req) {
     title: 'Send',
     description:
       'Encrypt and send files with a link that automatically expires to ensure your important documents don’t stay online forever.',
-    baseUrl: config.base_url,
+    baseUrl,
     ui: {},
     storage: {
       files: []