diff --git a/src/frontend/app/app-common.module.ts b/src/frontend/app/app-common.module.ts
index 47a4678477afd8c511a000fcd39c3b25cf4f233a..41825d2db29527ccd61274dbdc55eb3229b13019 100755
--- a/src/frontend/app/app-common.module.ts
+++ b/src/frontend/app/app-common.module.ts
@@ -26,6 +26,7 @@ import { TimeLimitPipe } from '../plugins/timeLimit.pipe';
import { FilterListPipe } from '../plugins/filterList.pipe';
import { FullDatePipe } from '../plugins/fullDate.pipe';
import { SafeHtmlPipe } from '../plugins/safeHtml.pipe';
+import { SecureUrlPipe } from '../plugins/secureUrl.pipe';
import { EcplOnlyofficeViewerComponent } from '../plugins/onlyoffice-api-js/onlyoffice-viewer.component';
/*FRONT IMPORTS*/
@@ -110,6 +111,7 @@ export class MyHammerConfig extends HammerGestureConfig {
FilterListPipe,
FullDatePipe,
SafeHtmlPipe,
+ SecureUrlPipe,
IndexingGroupModalComponent,
SmdFabSpeedDialComponent,
SmdFabSpeedDialTrigger,
@@ -156,6 +158,7 @@ export class MyHammerConfig extends HammerGestureConfig {
FilterListPipe,
FullDatePipe,
SafeHtmlPipe,
+ SecureUrlPipe,
PdfViewerModule,
NgStringPipesModule,
SmdFabSpeedDialComponent,
diff --git a/src/frontend/app/attachments/attachments-list.component.html b/src/frontend/app/attachments/attachments-list.component.html
index 6da94830136ba328e1a18723fc4509de0ccbedf4..3b7b35b03ab5a3225b32ce41d9bcb94350dd33ed 100644
--- a/src/frontend/app/attachments/attachments-list.component.html
+++ b/src/frontend/app/attachments/attachments-list.component.html
@@ -16,7 +16,7 @@
</mat-button-toggle>
</mat-button-toggle-group>
<mat-card *ngFor="let attachment of attachments | filterList:currentFilter:'type'"
- [class.signed]="attachment.status==='SIGN'" [style.background-image]="'url('+attachment.thumbnailUrl+')'"
+ [class.signed]="attachment.status==='SIGN'" [style.background-image]="'url('+(attachment.thumbnailUrl | secureUrl | async)+')'"
style="padding:0;margin: 30px;min-height: 300px;background-size: cover;overflow: hidden;"
(mouseover)="$event.stopPropagation();toggleInfo(attachment,true)">
<div class="layout" *ngIf="attachment.hideMainInfo" [@myAnimation] (click)="showAttachment(attachment)">
diff --git a/src/frontend/app/folder/document-list/folder-document-list.component.html b/src/frontend/app/folder/document-list/folder-document-list.component.html
index 9a1da881adbd94926a7f1f23e4fcf2fa8b85f3ec..a547d2270db993f64846edc3b60246694efdb384 100644
--- a/src/frontend/app/folder/document-list/folder-document-list.component.html
+++ b/src/frontend/app/folder/document-list/folder-document-list.component.html
@@ -1,7 +1,7 @@
<mat-sidenav-container class="maarch-container">
<mat-sidenav-content>
<mat-card id="viewThumbnail" style="display:none;position: fixed;z-index: 2;margin-left: 1px;">
- <img style="max-height: 100vh;" src="{{thumbnailUrl}}" />
+ <img style="max-height: 100vh;" [src]="thumbnailUrl | secureUrl | async" />
</mat-card>
<div class="bg-head">
<div class="bg-head-title" [class.customContainerRight]="appService.getViewMode()">
diff --git a/src/frontend/app/home/followed-list/followed-document-list.component.html b/src/frontend/app/home/followed-list/followed-document-list.component.html
index 47cf008c4c7f0730d0ec0e5c3a09c413ba11e1e4..ed8fd1d7a0ce63d57fa683a080818fbf19ea8164 100644
--- a/src/frontend/app/home/followed-list/followed-document-list.component.html
+++ b/src/frontend/app/home/followed-list/followed-document-list.component.html
@@ -1,7 +1,7 @@
<mat-sidenav-container class="maarch-container">
<mat-sidenav-content>
<mat-card id="viewThumbnail" style="display:none;position: fixed;z-index: 2;margin-left: 1px;">
- <img style="max-height: 100vh;" src="{{thumbnailUrl}}" />
+ <img style="max-height: 100vh;" [src]="thumbnailUrl | secureUrl | async" />
</mat-card>
<div class="bg-head">
<div class="bg-head-title" [class.customContainerRight]="appService.getViewMode()">
diff --git a/src/frontend/app/home/home.component.html b/src/frontend/app/home/home.component.html
index dc1c740c2781774910f0d201b07754ce20f43c96..e7e72a734a0d824a523a74b917b41fb6773a8c7b 100644
--- a/src/frontend/app/home/home.component.html
+++ b/src/frontend/app/home/home.component.html
@@ -1,7 +1,7 @@
<mat-sidenav-container autosize class="maarch-container">
<mat-sidenav-content>
<mat-card id="viewThumbnail" style="display:none;position: fixed;z-index: 2;margin-left: 1px;"><img
- style="max-height: 100vh;" src="{{thumbnailUrl}}" />
+ style="max-height: 100vh;" [src]="thumbnailUrl | secureUrl | async" />
</mat-card>
<div class="bg-head">
<div class="bg-head-title" [class.customContainerRight]="appService.getViewMode()">
diff --git a/src/frontend/app/linkedResource/linked-resource-list.component.html b/src/frontend/app/linkedResource/linked-resource-list.component.html
index c141469f5e76dff811137e58947d18b8225db90e..c18a29c947050e2fe1fac5a64dd5ff07fdfc017b 100644
--- a/src/frontend/app/linkedResource/linked-resource-list.component.html
+++ b/src/frontend/app/linkedResource/linked-resource-list.component.html
@@ -6,7 +6,7 @@
<ng-template #elseLoading>
<mat-card id="viewThumbnail"
style="display:none;position: fixed;z-index: 2;margin-left: 1px;left: 50%;transform: translate(-50%,-50%);top: 50%;">
- <img style="max-height: 100vh;" src="{{thumbnailUrl}}" /></mat-card>
+ <img style="max-height: 100vh;" [src]="thumbnailUrl | secureUrl | async" /></mat-card>
<div class="row" style="margin: 0px;">
<div class="col-md-12">
<mat-paginator #paginator [length]="100" [hidePageSize]="true" [pageSize]="10">
diff --git a/src/frontend/app/list/basket-list.component.html b/src/frontend/app/list/basket-list.component.html
index 79e25b250a0575ff4da65f9761bc8ea00001b3ab..2077e7792634cebcc03d6fa2ee1ed0ea3f95027c 100644
--- a/src/frontend/app/list/basket-list.component.html
+++ b/src/frontend/app/list/basket-list.component.html
@@ -1,6 +1,6 @@
<mat-sidenav-container class="maarch-container">
<mat-sidenav-content>
- <mat-card id="viewThumbnail" style="display:none;position: fixed;z-index: 2;margin-left: 1px;"><img style="max-height: 100vh;" src="{{thumbnailUrl}}" /></mat-card>
+ <mat-card id="viewThumbnail" style="display:none;position: fixed;z-index: 2;margin-left: 1px;"><img style="max-height: 100vh;" [src]="thumbnailUrl | secureUrl | async" /></mat-card>
<div class="bg-head">
<div class="bg-head-title" [class.customContainerRight]="appService.getViewMode()">
<div class="bg-head-title-label">
diff --git a/src/frontend/plugins/secureUrl.pipe.ts b/src/frontend/plugins/secureUrl.pipe.ts
new file mode 100644
index 0000000000000000000000000000000000000000..99e88efc35b05103e4ec242538957fede4715104
--- /dev/null
+++ b/src/frontend/plugins/secureUrl.pipe.ts
@@ -0,0 +1,40 @@
+import { Pipe, PipeTransform } from '@angular/core';
+import { HttpClient, HttpHeaders } from '@angular/common/http';
+import { Observable } from 'rxjs/internal/Observable';
+import { AuthService } from '../service/auth.service';
+
+@Pipe({
+ name: 'secureUrl'
+})
+export class SecureUrlPipe implements PipeTransform {
+
+ constructor(
+ private http: HttpClient,
+ private authService: AuthService
+ ) { }
+
+ transform(url: string) {
+ const headers = new HttpHeaders({
+ 'Authorization': 'Bearer ' + this.authService.getToken()
+ });
+
+ return new Observable<string>((observer) => {
+ // This is a tiny blank image
+ observer.next('data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==');
+
+ if (url !== undefined) {
+ // The next and error callbacks from the observer
+ const { next, error } = observer;
+
+ this.http.get(url, { headers: headers, responseType: 'blob' }).subscribe(response => {
+ const reader = new FileReader();
+ reader.readAsDataURL(response);
+ reader.onloadend = () => {
+ observer.next(reader.result as any);
+ };
+ });
+ }
+ return { unsubscribe() { } };
+ });
+ }
+}