Not allowed to load local resource

Support
1

Operating system

Linux

Joplin version

3.1.18

Desktop version info

Joplin 3.1.18 (prod, linux)

Client ID: 31a65565d08c44a6beabd6fb2e6b47a9
Sync Version: 3
Profile Version: 47
Keychain Supported: Yes

Revision: 26ae3f853 (dev)

Admonition markdown extension: 1.1.0
Backup: 1.4.2
Combine notes: 1.2.2
Convert Text To New Note: 1.5.1
Create and go to tags and @notebooks: 1.3.7
Life Calendar: 1.4.1
Math Mode: 0.6.2
Note Tabs: 1.4.0
Paste Special URLs: 1.0.0
Quick Links: 1.3.2
Slash Commands: Datetime & More: 1.4.0
Templates: 2.4.0
Text Colorize: 1.2.5
turnToChart: 1.9.3

Sync target

File system

Editor

Markdown Editor

What issue do you have?

When I link a local file I get a message

Not allowed to load local resource: file:///home/user/Pictures/icons/working.png

The markdown I'm using:

![working.png](file:///home/user/Pictures/icons/working.png)
<img alt="not working" src="file:///home/user/Pictures/icons/working.png">

Neither works

Screenshots

2024-10-21_23-48_1

2024-10-21_23-48
2024-10-21_23-48470×104 8.09 KB

2024-10-21_23-49.png

I found that it's for security, I suppose it's related to the recent editor change, it used to work a year ago. I found this post on SO, javascript - error: Not allowed to load local resource - Stack Overflow, they say it should work for local files though, is there a way to link it in Joplin?

2

This should be resolved by the linked pull request:

3

Thank you for taking your time to fix it! I read in the github thread that one can use joplin-content instead, how would it be used in my case?

4

I read in the github thread that one can use joplin-content instead, how would it be used in my case?

joplin-content can't currently be used for this without changes. At present, joplin-content://note-viewer/some/absolute/path/to/a/file can be used to load files from only allowlisted files/directories.

5

if your PR doesn't pass I'm thinking of serving a files directory using apache like adding to the apache configuration something like

Listen 57220

<VirtualHost 127.0.0.1:57220>
    ServerName localhost
    DocumentRoot "/home/user/Pictures"
    <Directory "/home/user/Pictures">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require local
    </Directory>
</VirtualHost>

and then accessing the image using src="http://127.0.0.1:57220/icons/working.png", and because I'm using my own plugin to generate those src anyway, it's not a big problem to generate them on the fly. The question is how secure is it? Because I Require local, there should be no way of an attack from the same network? What do you think about it?

6

An alternative might be to create a simlink in a directory already readable by joplin-content://.

To do this:

  1. Determine the path to Joplin's cache directory.
    • For me, it's /home/self/.config/joplindev-desktop/cache
  2. Create a subfolder that simlinks to /home/user/Pictures
  3. Use joplin-content://note-viewer/<cache directory path>/<simlink name>/photo.png for photo URIs.
7

it still doesn't work for me :frowning: after the merge

8

Be sure to enable the relevant setting (settings > Markdown > file:// URLs for images and videos).

1 Like
9

Now it works! Thanks!

10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.