custom X-Content-Security-Policy

General discussion of Mantis.

jeckyll
Posts: 3
Joined: 25 Jan 2013, 20:01

custom X-Content-Security-Policy

Post by jeckyll »

Hello

I wrote a little plug-in that basically replaces <latex>some formula</latex> in multi-text fields with an image generated with MathTex.

The resulting img tag looks like <img src="http://<mathtex_server_url>/mathtex.cgi?some formula" />

It works pretty well on IE but not on Firefox because of the "X-Content-Security-Policy".

The solution I found is to modify http_security_headers() in http_api (replacing "allow 'self'" by "allow 'self' <mathtex_server_url>")

Would it be possible to do this in a less "hacky" way?

Regards
jeckyll
Posts: 3
Joined: 25 Jan 2013, 20:01

Re: custom X-Content-Security-Policy

Post by jeckyll »

I'm moving from MathTex to MathJax, but I think that my question is still relevant since I must allow remote JS scripts (from the MathJax Content Delivery Network) to execute on my server.
systemmind
Posts: 1
Joined: 04 Dec 2023, 21:49

Re: custom X-Content-Security-Policy

Post by systemmind »

Hello. Could you provide your plugin, please? I would like to get such functionality, and maybe we could check how this issue reproduces now.
dregad
Developer
Posts: 76
Joined: 26 Jul 2010, 14:24

Re: custom X-Content-Security-Policy

Post by dregad »

Have a look at how it's done in the MantisGraph core plugin
  • Declare event in hooks()

    'EVENT_CORE_HEADERS' => 'csp_headers',
  • Add CSP header

    	function csp_headers() {
    		if( config_get_global( 'cdn_enabled' ) == ON ) {
    			http_csp_add( 'script-src', self::CHARTJS_CDN );
    		}
    	}
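
An added example, not part of dregad's post or the MantisGraph source: a minimal plugin that applies the same hook to the original question by adding only the MathTex server's origin to `img-src`. The plugin name `MathRender`, the `mathtex_url` option and the `mathtex.example.org` host are assumptions, and `csp_origin()` is a hypothetical helper that reduces the configured URL to a bare origin so a malformed setting cannot add extra sources or directives to the header.

```php
<?php
# Hypothetical plugin file: plugins/MathRender/MathRender.php
class MathRenderPlugin extends MantisPlugin {

	function register() {
		$this->name = 'MathRender';
		$this->description = 'Renders <latex> markup through an external MathTex server';
		$this->version = '0.1.0';
	}

	# Default plugin configuration; the URL is a constructed placeholder
	function config() {
		return array( 'mathtex_url' => 'https://mathtex.example.org/mathtex.cgi' );
	}

	function hooks() {
		return array( 'EVENT_CORE_HEADERS' => 'csp_headers' );
	}

	# Reduce a configured URL to scheme://host[:port].
	# Returns null unless it is a plain http(s) URL with a simple host name,
	# so spaces, quotes or ';' in the setting never reach the CSP header.
	# Bracketed IPv6 hosts are rejected by this check.
	static function csp_origin( $p_url ) {
		$t_parts = parse_url( $p_url );
		if( !is_array( $t_parts ) || !isset( $t_parts['scheme'], $t_parts['host'] ) ) {
			return null;
		}
		$t_scheme = strtolower( $t_parts['scheme'] );
		$t_host = strtolower( $t_parts['host'] );
		if( !in_array( $t_scheme, array( 'http', 'https' ), true )
			|| !preg_match( '/^[a-z0-9.-]+$/', $t_host ) ) {
			return null;
		}
		$t_port = isset( $t_parts['port'] ) ? ':' . (int)$t_parts['port'] : '';
		return $t_scheme . '://' . $t_host . $t_port;
	}

	# Called on EVENT_CORE_HEADERS: allow images from the MathTex origin only,
	# leaving the core policy in http_api untouched
	function csp_headers() {
		$t_origin = self::csp_origin( plugin_config_get( 'mathtex_url' ) );
		if( $t_origin !== null ) {
			http_csp_add( 'img-src', $t_origin );
		}
	}
}
```

For MathJax loaded from a CDN, the same callback would pass the CDN's origin with `script-src` instead of `img-src`.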
    