Not allowed to load local resource

banan314 · 2024-10-21T21:49:59.536Z

Operating system

Linux

Joplin version

3.1.18

Desktop version info

Joplin 3.1.18 (prod, linux)

Client ID: 31a65565d08c44a6beabd6fb2e6b47a9
Sync Version: 3
Profile Version: 47
Keychain Supported: Yes

Revision: 26ae3f853 (dev)

Admonition markdown extension: 1.1.0
Backup: 1.4.2
Combine notes: 1.2.2
Convert Text To New Note: 1.5.1
Create and go to tags and @notebooks: 1.3.7
Life Calendar: 1.4.1
Math Mode: 0.6.2
Note Tabs: 1.4.0
Paste Special URLs: 1.0.0
Quick Links: 1.3.2
Slash Commands: Datetime & More: 1.4.0
Templates: 2.4.0
Text Colorize: 1.2.5
turnToChart: 1.9.3

Sync target

File system

Editor

Markdown Editor

What issue do you have?

When I link a local file I get a message

Not allowed to load local resource: file:///home/user/Pictures/icons/working.png

The markdown I'm using:

![working.png](file:///home/user/Pictures/icons/working.png)
<img alt="not working" src="file:///home/user/Pictures/icons/working.png">

Neither works

Screenshots

2024-10-21_23-48_1

2024-10-21_23-48470×104 8.09 KB

I found that it's for security, I suppose it's related to the recent editor change, it used to work a year ago. I found this post on SO, javascript - error: Not allowed to load local resource - Stack Overflow, they say it should work for local files though, is there a way to link it in Joplin?

personalizedrefriger · 2024-10-22T19:41:02.421Z

This should be resolved by the linked pull request:

github.com/laurent22/joplin

Desktop: Re-enable media with local file URLs in the note viewer

laurent22:release-3.1 ← personalizedrefrigerator:pr/desktop/fix-local-file-previews

opened 07:40PM - 22 Oct 24 UTC

personalizedrefrigerator

+120 -15

# Summary Rendering media with local file URLs in the note viewer was origina…lly disabled in https://github.com/laurent22/joplin/pull/10678. This pull request re-enables it by mapping `file://` URLs to `joplin-content://` URLs. See https://discourse.joplinapp.org/t/not-allowed-to-load-local-resource/41500. # Testing plan **Linux (Fedora 40)**: 1. Create files `/home/self/Videos/test.mp4` and `/home/self/Pictures/test.jpg`. 2. Create a new note with the following content: ```markdown <video src="file:///home/self/Videos/test.mp4" controls></video> <img src="file:///home/self/Pictures/test.jpg"/> <video controls> <source src="file:///home/self/Videos/test.mp4" controls></source> </video> ``` 3. Verify that both videos and the image render in the Markdown viewer. 4. Open an existing note with an audio attachment (resource). 5. Verify that the embedded audio can still play.

banan314 · 2024-10-23T21:26:20.492Z

Thank you for taking your time to fix it! I read in the github thread that one can use joplin-content instead, how would it be used in my case?

personalizedrefriger · 2024-10-24T22:56:37.665Z

I read in the github thread that one can use joplin-content instead, how would it be used in my case?

joplin-content can't currently be used for this without changes. At present, joplin-content://note-viewer/some/absolute/path/to/a/file can be used to load files from only allowlisted files/directories.

banan314 · 2024-10-25T13:44:55.085Z

if your PR doesn't pass I'm thinking of serving a files directory using apache like adding to the apache configuration something like

Listen 57220

<VirtualHost 127.0.0.1:57220>
    ServerName localhost
    DocumentRoot "/home/user/Pictures"
    <Directory "/home/user/Pictures">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require local
    </Directory>
</VirtualHost>

and then accessing the image using src="http://127.0.0.1:57220/icons/working.png", and because I'm using my own plugin to generate those src anyway, it's not a big problem to generate them on the fly. The question is how secure is it? Because I Require local, there should be no way of an attack from the same network? What do you think about it?

personalizedrefriger · 2024-10-25T22:19:38.966Z

An alternative might be to create a simlink in a directory already readable by joplin-content://.

To do this:

Determine the path to Joplin's cache directory.
- For me, it's /home/self/.config/joplindev-desktop/cache
Create a subfolder that simlinks to /home/user/Pictures
Use joplin-content://note-viewer/<cache directory path>/<simlink name>/photo.png for photo URIs.

banan314 · 2024-11-11T22:54:06.741Z

it still doesn't work for me after the merge

personalizedrefriger · 2024-11-11T23:02:37.871Z

Be sure to enable the relevant setting (settings > Markdown > file:// URLs for images and videos).

banan314 · 2024-11-11T23:03:59.918Z

Now it works! Thanks!