feat: include mathjax
Follows installation instructions from docs.
See https://docs.mathjax.org/en/latest/web/start.html#using-mathjax-from-a-content-delivery-network-cdn
Using the TeX+SVG variant to keep it lightweight.

Loads from a CDN with SRI hashes, and restricts the Content Security
Policy narrowly to prevent any other calls being made to anything
unrelated to the MathJax package.

Signed-off-by: Mike Fiedler <miketheman@gmail.com>
miketheman committed Aug 6, 2022
1 parent e672a22 commit 642ce88
Showing 3 changed files with 21 additions and 0 deletions.
7 changes: 7 additions & 0 deletions tests/unit/test_csp.py
Expand Up @@ -205,6 +205,7 @@ def test_includeme():
"*.fastly-insights.com",
"*.ethicalads.io",
"https://api.pwnedpasswords.com",
"https://cdn.jsdelivr.net/npm/mathjax@3.2.2/",
"https://2p66nmmycsj3.statuspage.io",
],
"default-src": ["'none'"],
Expand All @@ -226,13 +227,19 @@ def test_includeme():
"*.fastly-insights.com",
"*.ethicalads.io",
"'sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0='",
"https://cdn.jsdelivr.net/npm/mathjax@3.2.2/",
"'sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII='",
],
"style-src": [
"'self'",
"fonts.googleapis.com",
"*.ethicalads.io",
"'sha256-2YHqZokjiizkHi1Zt+6ar0XJ0OeEy/egBnlm+MDMtrM='",
"'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='",
"'sha256-JLEjeN9e5dGsz5475WyRaoA4eQOdNPxDIeUhclnJDCE='",
"'sha256-mQyxHEuwZJqpxCw3SLmc4YOySNKXunyu2Oiz1r3/wAE='",
"'sha256-OCf+kv5Asiwp++8PIevKBYSgnNLNUZvxAp4a7wMLuKA='",
"'sha256-h5LOiLhk6wiJrGsG5ItM0KimwzWQH/yAcmoJDJL//bY='",
],
"worker-src": ["*.fastly-insights.com"],
}
9 changes: 9 additions & 0 deletions warehouse/csp.py
Expand Up @@ -84,6 +84,7 @@ def includeme(config):
"*.fastly-insights.com",
"*.ethicalads.io",
"https://api.pwnedpasswords.com",
"https://cdn.jsdelivr.net/npm/mathjax@3.2.2/",
]
+ [
item
Expand All @@ -110,6 +111,9 @@ def includeme(config):
"*.ethicalads.io",
# Hash for v1.4.0 of ethicalads.min.js
"'sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0='",
"https://cdn.jsdelivr.net/npm/mathjax@3.2.2/",
# Hash for v3.2.2 of MathJax tex-svg.js
"'sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII='",
],
"style-src": [
SELF,
Expand All @@ -118,6 +122,11 @@ def includeme(config):
# Hashes for inline styles generated by v1.4.0 of ethicalads.min.js
"'sha256-2YHqZokjiizkHi1Zt+6ar0XJ0OeEy/egBnlm+MDMtrM='",
"'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='",
# Hashes for inline styles generated by v3.2.2 of MathJax tex-svg.js
"'sha256-JLEjeN9e5dGsz5475WyRaoA4eQOdNPxDIeUhclnJDCE='",
"'sha256-mQyxHEuwZJqpxCw3SLmc4YOySNKXunyu2Oiz1r3/wAE='",
"'sha256-OCf+kv5Asiwp++8PIevKBYSgnNLNUZvxAp4a7wMLuKA='",
"'sha256-h5LOiLhk6wiJrGsG5ItM0KimwzWQH/yAcmoJDJL//bY='",
],
"worker-src": ["*.fastly-insights.com"],
}
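Review bot: In `script-src`, the path-prefix source `https://cdn.jsdelivr.net/npm/mathjax@3.2.2/` allows any script under that directory, so the hash entry and the SRI attribute pin only the `tex-svg.js` entry point; anything MathJax fetches later from that prefix (presumably the reason the prefix and the matching `connect-src` entry are needed) is not integrity-checked. CSP also ignores the path part of a source expression once a request has been redirected, so this entry is closer to host-level trust in cdn.jsdelivr.net than the commit message suggests. I would record that next to the entry, e.g. `# Path prefix is needed for components MathJax loads at runtime; those are not covered by SRI`, and consider self-hosting the bundle if that residual trust is not acceptable. The version `3.2.2` is now repeated in both lists here and in `base.html`, with hashes tied to it; a module-level constant for the MathJax base URL would keep the CSP entries from drifting apart on upgrade. `includeme` starts and ends outside these hunks.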
5 changes: 5 additions & 0 deletions warehouse/templates/base.html
Expand Up @@ -132,6 +132,11 @@
integrity="sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0= sha384-UcmsCqcNRSLW/dV3Lo1oCi2/VaurXbib6p4HyUEOeIa/4OpsrnucrugAefzVZJfI sha512-q4t1L4xEjGV2R4hzqCa41P8jrgFUS8xTb8rdNv4FGvw7FpydVj/kkxBJHOiaoxHa8olCcx1Slk9K+3sNbsM4ug=="
crossorigin="anonymous"
></script>
<script async
src="https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/tex-svg.js"
integrity="sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII="
crossorigin="anonymous"
></script>
</head>

<body data-controller="viewport-toggle">
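Review bot: This tag is added to the `<head>` of the base template, so the CDN-hosted MathJax bundle is loaded and run on every page that extends it, presumably including login and account-management pages that never display math. No MathJax configuration is visible in the hunk, and by default MathJax scans the whole document for TeX delimiters, so user-supplied text anywhere on a page could end up being typeset; limiting the include to the templates that render descriptions, or scoping processing to a specific container, would narrow that. The neighbouring ethicalads tag lists sha256, sha384 and sha512 in `integrity` while this one lists only sha256; matching it would be consistent, though the CSP hash in `csp.py` would still be the sha256 value.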
