fix: make mermaid.js store locally & remove duplicated import#437
fix: make mermaid.js store locally & remove duplicated import#437imbajin merged 2 commits intoapache:masterfrom
Conversation
dosubot
bot
added
size:XS
There was a problem hiding this comment.
Pull request overview
This pull request addresses issue #408 by replacing the external Mermaid CDN script with a locally hosted version to comply with ASF CSP (Content Security Policy) rules. The change ensures that all scripts are loaded from 'self' rather than external domains.
- Replaced CDN-hosted mermaid library with local file at
themes/docsy/static/js/mermaid.min.js - Added mermaid package dependency to package.json for version tracking
- Updated script reference in head-end.html to use local path instead of jsdelivr CDN
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| themes/docsy/layouts/partials/hooks/head-end.html | Updated mermaid script source from jsdelivr CDN to local file path using relURL |
| package.json | Added mermaid v10.9.5 as a dependency to track the library version being used |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| {{ if .Site.Params.mermaid.enable }} | ||
| <script src="https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.min.js"></script> | ||
| <script src="{{ "js/mermaid.min.js" | relURL }}"></script> |
There was a problem hiding this comment.
This change introduces duplicate loading of mermaid.min.js. The Mermaid library is already loaded in themes/docsy/layouts/partials/scripts.html at line 6. Loading the same library twice will cause unnecessary bandwidth usage and may lead to initialization conflicts.
Consider removing this script tag since Mermaid is already loaded in scripts.html, or remove the one in scripts.html if this location is preferred.
| <script src="{{ "js/mermaid.min.js" | relURL }}"></script> |
There was a problem hiding this comment.
hi @imbajin ,
Updated head-end.html to only handle Mermaid initialization. The library itself is now loaded once from scripts.html via the local js/mermaid.min.js file to avoid duplicate script loading.
imbajin
changed the title
Purpose of the PR
Replaced the external Mermaid CDN script with a locally hosted
mermaid.min.jsto make Mermaid rendering compliant with ASF CSP rules.Summary
mermaid.min.jsunderstatic/js/head-end.htmlto load Mermaid from'self'instead of an external CDN