Fix MathJax CSP issues

This commit is contained in:
Literallie 2017-10-18 19:37:55 +02:00
parent 080436aebb
commit 4238b9b3ef
No known key found for this signature in database
GPG key ID: 7BE463C902ED152C
5 changed files with 18 additions and 16 deletions

10
app.js
View file

@ -118,9 +118,9 @@ app.use((req, res, next) => {
// https://helmetjs.github.io/docs/csp/
if (config.csp.enable) {
var cdnDirectives = {
scriptSrc: ["https://cdnjs.cloudflare.com"],
styleSrc: ["https://cdnjs.cloudflare.com", "https://fonts.googleapis.com"],
fontSrc: ["https://cdnjs.cloudflare.com", "https://fonts.gstatic.com"]
scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.mathjax.org'],
styleSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.googleapis.com'],
fontSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.gstatic.com']
}
var directives = {}
for (var propertyName in config.csp.directives) {
@ -129,7 +129,7 @@ if (config.csp.enable) {
if (config.usecdn && !!cdnDirectives[propertyName]) {
directive = directive.concat(cdnDirectives[propertyName])
}
directives[propertyName] = directive;
directives[propertyName] = directive
}
}
directives.scriptSrc.push(function (req, res) { return "'nonce-" + res.locals.nonce + "'" })
@ -142,7 +142,7 @@ if (config.csp.enable) {
directives: directives
}))
} else {
logger.info('Content-Security-Policy is disabled. This may be a security risk.');
logger.info('Content-Security-Policy is disabled. This may be a security risk.')
}
i18n.configure({

View file

@ -0,0 +1,8 @@
var MathJax = {
messageStyle: 'none',
skipStartupTypeset: true,
tex2jax: {
inlineMath: [['$', '$'], ['\\(', '\\)']],
processEscapes: true
}
}

View file

@ -1,6 +1,4 @@
<script type="text/x-mathjax-config">
MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
</script>
<script src="<%= url %>/js/mathjax-config-extra.js"></script>
<% if(useCDN) { %>
<script src="https://cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js" integrity="sha256-PieqE0QdEDMppwXrTzSZQr6tWFX3W5KkyRVyF1zN3eg=" crossorigin="anonymous" defer></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>

View file

@ -72,9 +72,7 @@
</body>
</html>
<script type="text/x-mathjax-config">
MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
</script>
<script src="<%= url %>/js/mathjax-config-extra.js"></script>
<% if(useCDN) { %>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>

View file

@ -89,9 +89,7 @@
</div>
</div>
<script type="text/x-mathjax-config">
MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
</script>
<script src="<%= url %>/js/mathjax-config-extra.js"></script>
<% if(useCDN) { %>
<script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.3.0/lib/js/head.min.js" integrity="sha256-+09kLhwACKXFPDvqo4xMMvi4+uXFsRZ2uYGbeN1U8sI=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.3.0/js/reveal.min.js" integrity="sha256-lvaInSKflJWLPqf5N5oHr/UZFwXKD6gckerdwoHqECY=" crossorigin="anonymous"></script>