Closed daniil-berg closed 1 month ago
Agreed, a hard-coded URL is not sensible! Let's fix this.
May I suggest we:
Just to add a little complication, filter_mathjaxloader | httpsurl is not necessarily enough as we need config settings. The hard-coded URL is just for use in iframes (e.g. JSXGraph) and currently uses query ?config=TeX-AMS-MML_HTMLorMML
rather than the config set in the Moodle filter settings. Not sure exactly what our best option is but I've created a change to add the config parameter if there isn't one in httpsurl already. https://github.com/maths/moodle-qtype_stack/blob/03954878bab5879f22d7997025c98aff4a870960/vle_specific.php#L197
This was mentioned in #992, specifically in this comment, so I want to focus on this specific issue.
Right now the MathJax URL is hard-coded to point to
cdn.jsdelivr.net
: https://github.com/maths/moodle-qtype_stack/blob/dc19c913b6c4a8fc8b8ef20ae31ced699d23dd7b/vle_specific.php#L188-L194I realize that a specific CORS Header is required to make this work, but it would still be nice, if we could change the URL without having to create our own fork and branch of this repository.
In fact, simply pointing to the
filter_mathjaxloader | httpsurl
Moodle setting should be fine. You could add some documentation to the plugin that explains that changing that setting without ensuring the correct CORS header will affect this.Alternatively, a separate config option just for this plugin would also be fine. There you could add the info about the CORS issue right next to the setting.
In any case, a hard-coded URL is not ideal. We have a strict CSP for our Moodle instance that blocks almost all other domains and we use our own installation of MathJax that we point
filter_mathjaxloader | httpsurl
to.