diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js
index 0c0aec8..1f6b2b6 100644
--- a/app/assets/javascripts/application.js
+++ b/app/assets/javascripts/application.js
@@ -20,5 +20,5 @@
 //= require codemirror/modes/css
 //= require codemirror/modes/javascript
 //= require codemirror/modes/htmlmixed
-//= require translations
-//= require_tree .
+//= require mathjax-config
+//= require init
\ No newline at end of file
diff --git a/app/assets/javascripts/translations.js.coffee b/app/assets/javascripts/init.coffee
similarity index 61%
rename from app/assets/javascripts/translations.js.coffee
rename to app/assets/javascripts/init.coffee
index 843e89f..fbac815 100644
--- a/app/assets/javascripts/translations.js.coffee
+++ b/app/assets/javascripts/init.coffee
@@ -1,6 +1,4 @@
-# Place all the behaviors and hooks related to the matching controller here.
-# All this logic will automatically be available in application.js.
-# You can use CoffeeScript in this file: http://coffeescript.org/
+window.App ||= {}
 cm = null
@@ -13,8 +11,12 @@ loadCodeMirror = ->
 mode: "text/html"
 })
-$(document).on "turbolinks:load", loadCodeMirror
+App.init = ->
+ MathJax.Hub.Queue(["Typeset",MathJax.Hub]);
+ loadCodeMirror();
+$(document).on "turbolinks:load", ->
+ App.init()
 $(document).on "click", '#translationNav a[href="#preview"]', ->
 $('#preview .problem-content').html(cm.getValue())
diff --git a/app/assets/javascripts/mathjax-config.js b/app/assets/javascripts/mathjax-config.js
new file mode 100644
index 0000000..9dacc40
--- /dev/null
+++ b/app/assets/javascripts/mathjax-config.js
@@ -0,0 +1,9 @@
+window.MathJax = {
+ jax: ["input/TeX", "output/HTML-CSS"],
+ tex2jax: {
+ inlineMath: [ ["$","$"], ["\\(","\\)"] ],
+ displayMath: [ ["$$","$$"], ["\\[","\\]"] ],
+ processEscapes: true
+ },
+ "HTML-CSS": { availableFonts: ["TeX"] }
+};
\ No newline at end of file
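Review bot: In the new `App.init` (second hunk of init.coffee) `MathJax.Hub.Queue(...)` runs before `loadCodeMirror()` with no guard, so if the CDN copy of MathJax is blocked or has not loaded, the call throws and the editor is never set up. The `window.MathJax` object from mathjax-config.js exists before the library arrives, so `MathJax` is defined while `MathJax.Hub` is not. I would call `loadCodeMirror()` first and guard the typeset: `MathJax.Hub.Queue(["Typeset", MathJax.Hub]) if window.MathJax?.Hub?`. The body of `loadCodeMirror` starts outside the hunk.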
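Review bot: mathjax-config.js has no comment explaining that it only takes effect because it is evaluated before MathJax.js, which reads a pre-existing `window.MathJax` object as its configuration at startup. That ordering is currently implied only by the tag order in the layout, so a header comment would protect it: `// Must be loaded before MathJax.js; MathJax reads window.MathJax as its config on startup.` If this file replaces an inline config block (the removed layout lines are not legible here), it is worth saying so, since that is what lets `script-src` stay free of `'unsafe-inline'`.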
diff --git a/app/assets/javascripts/mathjax.js.coffee b/app/assets/javascripts/mathjax.js.coffee
deleted file mode 100644
index 0f4a889..0000000
--- a/app/assets/javascripts/mathjax.js.coffee
+++ /dev/null
@@ -1,2 +0,0 @@
-$(document).on 'turbolinks:load', ->
- MathJax.Hub.Queue(["Typeset",MathJax.Hub]);
\ No newline at end of file
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index b610e73..037e404 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -5,18 +5,7 @@ <%= favicon_link_tag %> <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %> <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %> - - + <%= javascript_include_tag 'https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js?config=TeX-AMS_HTML-full,Safe', 'data-turbolinks-track' => true %> <%= csrf_meta_tags %>
diff --git a/config/application.rb b/config/application.rb
index b4c1e2b..4cdd9aa 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -16,6 +16,10 @@ module Projekteuler
 # -- all .rb files in that directory are automatically loaded after loading
 # the framework and any gems in your application.
+ config.action_dispatch.default_headers = {
+ 'X-Frame-Options' => 'DENY'
+ }
+
 # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
 # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
 # config.time_zone = 'Central Time (US & Canada)'
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 7312a67..cce0e2f 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
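Review bot: The added `javascript_include_tag` in application.html.erb loads MathJax.js from cdnjs without `integrity`/`crossorigin`, so the page executes whatever that URL serves. Pinning the loader would look like `integrity: 'sha384-<hash of MathJax.js 2.7.5>', crossorigin: 'anonymous'` on the same tag. MathJax 2 fetches its config, jax and extension files from the same path at run time and those requests are not covered by SRI, so serving the library from the app's own assets is the stronger option if the dependency must be fully pinned.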
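Review bot: Assigning a fresh hash to `config.action_dispatch.default_headers` in config/application.rb replaces the framework's whole default header set instead of changing one entry, so unless they are restored elsewhere the responses lose `X-Content-Type-Options: nosniff` and the other stock headers. Setting only the key keeps the rest: `config.action_dispatch.default_headers['X-Frame-Options'] = 'DENY'`. The enclosing class body continues outside the hunk, so I cannot see whether anything later re-adds them.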
@@ -47,7 +47,7 @@ Rails.application.configure do
 # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
 # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
- # config.force_ssl = true
+ config.force_ssl = true
 # Use the lowest log level to ensure availability of diagnostic information
 # when problems arise.
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index d3bcaa5..b918877 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -4,17 +4,18 @@
 # For further information see the following documentation
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-# Rails.application.config.content_security_policy do |policy|
-# policy.default_src :self, :https
-# policy.font_src :self, :https, :data
-# policy.img_src :self, :https, :data
-# policy.object_src :none
-# policy.script_src :self, :https
-# policy.style_src :self, :https
+Rails.application.config.content_security_policy do |policy|
+ policy.default_src :none
+ policy.font_src :self, 'https://cdnjs.cloudflare.com'
+ policy.img_src :self, 'https://cdnjs.cloudflare.com', 'https://projecteuler.net'
+ policy.object_src :none
+ policy.script_src :self, 'https://cdnjs.cloudflare.com'
+ policy.style_src :self, :unsafe_inline
+ policy.connect_src :self
-# # Specify URI for violation reports
-# # policy.report_uri "/csp-violation-report-endpoint"
-# end
+ # Specify URI for violation reports
+ # policy.report_uri "/csp-violation-report-endpoint"
+end
 # If you are using UJS then enable automatic nonce generation
 # Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
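Review bot: `policy.script_src :self, 'https://cdnjs.cloudflare.com'` in content_security_policy.rb allowlists every library hosted on cdnjs, not only MathJax, which is much broader than the single include in the layout needs. Narrowing it to the path that is actually loaded keeps the policy meaningful: `policy.script_src :self, 'https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/'`, and likewise for `font_src` and `img_src`. `default_src :none` does not govern `base-uri` or `form-action`, so I would also add `policy.base_uri :self` and `policy.form_action :self`. Because enforcement is switched on in one step, enabling `policy.report_uri` (left commented here) or `content_security_policy_report_only` for the first rollout would show what the new policy blocks.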