Fix MathJax CSP issues
This commit is contained in:
parent
080436aebb
commit
4238b9b3ef
5 changed files with 18 additions and 16 deletions
10
app.js
10
app.js
|
@ -118,9 +118,9 @@ app.use((req, res, next) => {
|
|||
// https://helmetjs.github.io/docs/csp/
|
||||
if (config.csp.enable) {
|
||||
var cdnDirectives = {
|
||||
scriptSrc: ["https://cdnjs.cloudflare.com"],
|
||||
styleSrc: ["https://cdnjs.cloudflare.com", "https://fonts.googleapis.com"],
|
||||
fontSrc: ["https://cdnjs.cloudflare.com", "https://fonts.gstatic.com"]
|
||||
scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.mathjax.org'],
|
||||
styleSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.googleapis.com'],
|
||||
fontSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.gstatic.com']
|
||||
}
|
||||
var directives = {}
|
||||
for (var propertyName in config.csp.directives) {
|
||||
|
@ -129,7 +129,7 @@ if (config.csp.enable) {
|
|||
if (config.usecdn && !!cdnDirectives[propertyName]) {
|
||||
directive = directive.concat(cdnDirectives[propertyName])
|
||||
}
|
||||
directives[propertyName] = directive;
|
||||
directives[propertyName] = directive
|
||||
}
|
||||
}
|
||||
directives.scriptSrc.push(function (req, res) { return "'nonce-" + res.locals.nonce + "'" })
|
||||
|
@ -142,7 +142,7 @@ if (config.csp.enable) {
|
|||
directives: directives
|
||||
}))
|
||||
} else {
|
||||
logger.info('Content-Security-Policy is disabled. This may be a security risk.');
|
||||
logger.info('Content-Security-Policy is disabled. This may be a security risk.')
|
||||
}
|
||||
|
||||
i18n.configure({
|
||||
|
|
8
public/js/mathjax-config-extra.js
Normal file
8
public/js/mathjax-config-extra.js
Normal file
|
@ -0,0 +1,8 @@
|
|||
var MathJax = {
|
||||
messageStyle: 'none',
|
||||
skipStartupTypeset: true,
|
||||
tex2jax: {
|
||||
inlineMath: [['$', '$'], ['\\(', '\\)']],
|
||||
processEscapes: true
|
||||
}
|
||||
}
|
|
@ -1,6 +1,4 @@
|
|||
<script type="text/x-mathjax-config">
|
||||
MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
|
||||
</script>
|
||||
<script src="<%= url %>/js/mathjax-config-extra.js"></script>
|
||||
<% if(useCDN) { %>
|
||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js" integrity="sha256-PieqE0QdEDMppwXrTzSZQr6tWFX3W5KkyRVyF1zN3eg=" crossorigin="anonymous" defer></script>
|
||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
|
||||
|
|
|
@ -72,9 +72,7 @@
|
|||
</body>
|
||||
|
||||
</html>
|
||||
<script type="text/x-mathjax-config">
|
||||
MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
|
||||
</script>
|
||||
<script src="<%= url %>/js/mathjax-config-extra.js"></script>
|
||||
<% if(useCDN) { %>
|
||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
|
||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>
|
||||
|
|
|
@ -89,9 +89,7 @@
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<script type="text/x-mathjax-config">
|
||||
MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
|
||||
</script>
|
||||
<script src="<%= url %>/js/mathjax-config-extra.js"></script>
|
||||
<% if(useCDN) { %>
|
||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.3.0/lib/js/head.min.js" integrity="sha256-+09kLhwACKXFPDvqo4xMMvi4+uXFsRZ2uYGbeN1U8sI=" crossorigin="anonymous"></script>
|
||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.3.0/js/reveal.min.js" integrity="sha256-lvaInSKflJWLPqf5N5oHr/UZFwXKD6gckerdwoHqECY=" crossorigin="anonymous"></script>
|
||||
|
|
Loading…
Reference in a new issue