From f74bac9ce731abd872e1d7d8348bad0b994ca27b Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Tue, 24 Apr 2018 08:44:55 +0200
Subject: [PATCH] OO-3452: allow different types of url for math jax with CSP
 (http://, //, http:// and relative)

---
 src/main/java/org/olat/core/servlets/HeadersFilter.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/olat/core/servlets/HeadersFilter.java b/src/main/java/org/olat/core/servlets/HeadersFilter.java
index 3facbe90793..e916e77026b 100644
--- a/src/main/java/org/olat/core/servlets/HeadersFilter.java
+++ b/src/main/java/org/olat/core/servlets/HeadersFilter.java
@@ -214,9 +214,10 @@ public class HeadersFilter implements Filter {
 	}
 	
 	private void appendMathJaxUrl(StringBuilder sb) {
-		if(StringHelper.containsNonWhitespace(WebappHelper.getMathJaxCdn())) {
+		String mathJaxCdn = WebappHelper.getMathJaxCdn();
+		if(StringHelper.containsNonWhitespace(mathJaxCdn)
+				&& (mathJaxCdn.startsWith("//") || mathJaxCdn.startsWith("https://") || mathJaxCdn.startsWith("http://"))) {
 			try {
-				String mathJaxCdn = WebappHelper.getMathJaxCdn();
 				if(mathJaxCdn.startsWith("//")) {
 					mathJaxCdn = "https:" + mathJaxCdn;
 				}
-- 
GitLab