fix: allow Dropbox dropins in CSP directives

Signed-off-by: Max Wu <[email protected]>

Author: jackycute

lib/csp.js

@@ -16,6 +16,10 @@ var defaultDirectives = {
   connectSrc: ['*']
 }
 
+var dropboxDirectives = {
+  scriptSrc: ['https://www.dropbox.com']
+}
+
 var cdnDirectives = {
   scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.jsdelivr.net', 'https://cdn.mathjax.org'],
   styleSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.jsdelivr.net', 'https://fonts.googleapis.com'],
@@ -37,6 +41,7 @@ CspStrategy.computeDirectives = function () {
   mergeDirectives(directives, config.csp.directives)
   mergeDirectivesIf(config.csp.addDefaults, directives, defaultDirectives)
   mergeDirectivesIf(config.useCDN, directives, cdnDirectives)
+  mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
   mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives)
   mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives)
   if (!areAllInlineScriptsAllowed(directives)) {