Fix MathJax CSP issues

Literallie 2017-10-18 19:37:55 +02:00
parent 080436aebb
commit 4238b9b3ef
No known key found for this signature in database
GPG key ID: 7BE463C902ED152C
5 changed files with 18 additions and 16 deletions

14
app.js

@ -118,22 +118,22 @@ app.use((req, res, next) => {
// https://helmetjs.github.io/docs/csp/ // https://helmetjs.github.io/docs/csp/
if (config.csp.enable) { if (config.csp.enable) {
var cdnDirectives = { var cdnDirectives = {
scriptSrc: ["https://cdnjs.cloudflare.com"], scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.mathjax.org'],
styleSrc: ["https://cdnjs.cloudflare.com", "https://fonts.googleapis.com"], styleSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.googleapis.com'],
fontSrc: ["https://cdnjs.cloudflare.com", "https://fonts.gstatic.com"] fontSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.gstatic.com']
} }
var directives = {} var directives = {}
for (var propertyName in config.csp.directives) { for (var propertyName in config.csp.directives) {
if(config.csp.directives.hasOwnProperty(propertyName)) { if (config.csp.directives.hasOwnProperty(propertyName)) {
var directive = config.csp.directives[propertyName] var directive = config.csp.directives[propertyName]
if (config.usecdn && !!cdnDirectives[propertyName]) { if (config.usecdn && !!cdnDirectives[propertyName]) {
directive = directive.concat(cdnDirectives[propertyName]) directive = directive.concat(cdnDirectives[propertyName])
} }
directives[propertyName] = directive; directives[propertyName] = directive
} }
} }
directives.scriptSrc.push(function (req, res) { return "'nonce-" + res.locals.nonce + "'" }) directives.scriptSrc.push(function (req, res) { return "'nonce-" + res.locals.nonce + "'" })
if(config.csp.upgradeInsecureRequests === 'auto') { if (config.csp.upgradeInsecureRequests === 'auto') {
directives.upgradeInsecureRequests = config.usessl === 'true' directives.upgradeInsecureRequests = config.usessl === 'true'
} else { } else {
directives.upgradeInsecureRequests = config.csp.upgradeInsecureRequests === 'true' directives.upgradeInsecureRequests = config.csp.upgradeInsecureRequests === 'true'
@ -142,7 +142,7 @@ if (config.csp.enable) {
directives: directives directives: directives
})) }))
} else { } else {
logger.info('Content-Security-Policy is disabled. This may be a security risk.'); logger.info('Content-Security-Policy is disabled. This may be a security risk.')
} }
i18n.configure({ i18n.configure({
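Review bot: The new `scriptSrc` entry in `cdnDirectives` allows every script served from `https://cdn.mathjax.org`, not only the MathJax files the editor needs, so the per-response nonce pushed a few lines later is no longer the only gate on script execution. A host-wide source trusts whoever controls that host for as long as the policy ships. As far as I know the MathJax project retired its own CDN earlier in 2017, so it is worth confirming which request still goes there before keeping the entry. If it is needed, say so next to it, e.g. `// cdn.mathjax.org: still requested by <MathJax component>; drop when no longer loaded`, and prefer a path-limited source over the bare host. The entry only takes effect when `config.usecdn` is set.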


@ -0,0 +1,8 @@
var MathJax = {
messageStyle: 'none',
skipStartupTypeset: true,
tex2jax: {
inlineMath: [['$', '$'], ['\\(', '\\)']],
processEscapes: true
}
}
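Review bot: This file has no comment saying why a bare global is declared, and its behaviour depends on that. The object only acts as configuration if the script runs before MathJax.js is loaded, which reads a pre-existing `window.MathJax` at startup. I would add a header such as `// MathJax startup config. Kept in an external file because the CSP blocks inline configuration; must load before MathJax.js.` The values match the inline `MathJax.Hub.Config` call that the templates drop in this commit.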


@ -1,6 +1,4 @@
<script type="text/x-mathjax-config"> <script src="<%= url %>/js/mathjax-config-extra.js"></script>
MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
</script>
<% if(useCDN) { %> <% if(useCDN) { %>
<script src="https://cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js" integrity="sha256-PieqE0QdEDMppwXrTzSZQr6tWFX3W5KkyRVyF1zN3eg=" crossorigin="anonymous" defer></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js" integrity="sha256-PieqE0QdEDMppwXrTzSZQr6tWFX3W5KkyRVyF1zN3eg=" crossorigin="anonymous" defer></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
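Review bot: The replacement `<script src="<%= url %>/js/mathjax-config-extra.js">` tag carries no nonce, so it only loads if the configured `script-src` already covers the origin that `url` resolves to. The default directives are not visible in this commit, and a `url` pointing at a host the policy does not list would be blocked, leaving MathJax unconfigured. The same tag is added in the two other templates below. Its position also matters, since the file has to run before the MathJax.js tag, so I would mark it with `<%# keep above MathJax.js: it defines the window.MathJax config object %>`.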


@ -72,9 +72,7 @@
</body> </body>
</html> </html>
<script type="text/x-mathjax-config"> <script src="<%= url %>/js/mathjax-config-extra.js"></script>
MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
</script>
<% if(useCDN) { %> <% if(useCDN) { %>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>


@ -89,9 +89,7 @@
</div> </div>
</div> </div>
<script type="text/x-mathjax-config"> <script src="<%= url %>/js/mathjax-config-extra.js"></script>
MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
</script>
<% if(useCDN) { %> <% if(useCDN) { %>
<script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.3.0/lib/js/head.min.js" integrity="sha256-+09kLhwACKXFPDvqo4xMMvi4+uXFsRZ2uYGbeN1U8sI=" crossorigin="anonymous"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.3.0/lib/js/head.min.js" integrity="sha256-+09kLhwACKXFPDvqo4xMMvi4+uXFsRZ2uYGbeN1U8sI=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.3.0/js/reveal.min.js" integrity="sha256-lvaInSKflJWLPqf5N5oHr/UZFwXKD6gckerdwoHqECY=" crossorigin="anonymous"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.3.0/js/reveal.min.js" integrity="sha256-lvaInSKflJWLPqf5N5oHr/UZFwXKD6gckerdwoHqECY=" crossorigin="anonymous"></script>