Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-18 10:45:31 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
f70db19cc6eacf9436a0f92ef302989ec3a038f0
odysseus/core
T
History
Shreyas S Joshi f70db19cc6 fix(document): allow render-pdf to be framed and 503 cleanly on missing PyMuPDF (#2103) 
* fix(document): allow render-pdf to be framed and 503 cleanly on missing PyMuPDF

Fixes #2101.

Two related bugs in the PDF-form library preview flow:

1. SecurityHeadersMiddleware was sending X-Frame-Options: DENY and
   frame-ancestors 'none' on /api/document/{doc_id}/render-pdf, but
   static/js/documentLibrary.js embeds the response in an <iframe> for
   the library card preview. The browser blocked the load with
   ERR_BLOCKED_BY_RESPONSE, leaving the user with a blank panel.

   Extend the existing is_tool_render exemption to also cover
   /api/document/.../render-pdf. Per-document owner checks still run in
   the route handler, so the exemption is scoped the same way as the
   tool-render exemption it mirrors. /api/document/.../export-pdf is
   left untouched — it's a download (Content-Disposition: attachment),
   not an iframe embed.

2. routes/document_routes.py:render_pdf called fill_fields, which
   raises RuntimeError via _require_fitz() when the optional PyMuPDF
   dependency isn't installed. That RuntimeError bubbled out as a
   generic 500 with a cryptic 'PDF render failed' detail.

   Reuse the existing _load_pdf_viewer_fitz() helper to fail fast with
   a 503 and a user-actionable install hint (mentions
   requirements-optional.txt and AGPL-3.0), matching the convention
   used by the other PDF endpoints.

Tests cover both fixes:
- middleware headers on /api/document/.../render-pdf (iframeable, but
  X-Content-Type-Options and Referrer-Policy are still set)
- middleware headers on /api/document/.../export-pdf (must stay strict)
- middleware path matching precision (similar-but-different paths stay
  strict)
- middleware headers on /api/tools/.../render (no regression)
- middleware headers on /api/chat (no regression)
- render-pdf returns 503 with install hint when PyMuPDF is missing
- 503 is raised before any file I/O (fail-fast ordering)

* chore: address maintainer feedback on PDF previews same-origin framing and comment trimming

* chore: make render-pdf regression tests order-independent
2026-06-18 06:25:26 +00:00
..
__init__.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
atomic_io.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
auth.py
refactor(auth): centralize the internal-tool pseudo-username into a constant (#4333)
2026-06-16 13:13:00 +02:00
constants.py
refactor(constants): single source of truth for data dir (#3368)
2026-06-08 09:58:52 +02:00
database.py
feat(paths): abstract runtime path logic for frozen distribution packages (#969)
2026-06-15 17:44:10 +01:00
exceptions.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
middleware.py
fix(document): allow render-pdf to be framed and 503 cleanly on missing PyMuPDF (#2103)
2026-06-18 06:25:26 +00:00
models.py
fix: session context drifting — messages leaking between chats (#135) (#267)
2026-06-09 14:12:52 +01:00
platform_compat.py
fix(platform): read proc version with utf-8
2026-06-11 21:58:22 +01:00
session_manager.py
fix: session context drifting — messages leaking between chats (#135) (#267)
2026-06-09 14:12:52 +01:00