scoobie 13.0.1 → 13.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +9 -0
  2. package/package.json +1 -1
  3. package/typography.ts +12 -2
package/README.md CHANGED
@@ -96,6 +96,15 @@ const skuRender: Render<RenderContext> = {
96
96
  };
97
97
  ```
98
98
 
99
+ If you manually manage the [Content Security Policy] of your site,
100
+ you can specify the following sources along with the script hashes from [typography.ts](typography.ts):
101
+
102
+ ```http
103
+ Content-Security-Policy: font-src https://fonts.gstatic.com; script-src 'sha256-...' 'sha256-...'; style-src https://fonts.googleapis.com
104
+ ```
105
+
106
+ [content security policy]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
107
+
99
108
  ### `src/scoobie.d.ts`
100
109
 
101
110
  Import TypeScript definitions for `MDX`, `*.md` and `*.mdx`:
package/package.json CHANGED
@@ -4,7 +4,7 @@
4
4
  "license": "MIT",
5
5
  "main": "src/index.ts",
6
6
  "sideEffects": false,
7
- "version": "13.0.1",
7
+ "version": "13.0.2",
8
8
  "dependencies": {
9
9
  "@mdx-js/loader": "^1.6.22",
10
10
  "@mdx-js/react": "^1.6.22",
package/typography.ts CHANGED
@@ -4,12 +4,22 @@ export const robotoHref =
4
4
  export const robotoMonoHref =
5
5
  'https://fonts.googleapis.com/css2?family=Roboto+Mono:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap';
6
6
 
7
+ // Content Security Policy script hashes
8
+ // 'sha256-8fG3vVy4SKf2xd79rQ5AKI0uBpwM9Wc8SMYCcGNyuPw='
9
+ // 'sha384-moCT7/5f3Yr4vo0n3BZCjn7j0gT8qzKn7rpQqBnle0R2oLW/RqGTJ4jldVCTbOjx'
10
+ // 'sha512-4v+nFnUdafQ6pPIO42k6ziIvnqW4c8l+hYir10XE6SuIm3jfcQTK7tmqQttfYbFXZdk1X7QzPEMtshyX53o6Ug=='
7
11
  export const robotoHtml = `
8
- <link rel="preload" href="${robotoHref}" as="style" onload="this.onload=null;this.rel='stylesheet'">
12
+ <link rel="preload" href="${robotoHref}" id="robotoStyle" as="style">
9
13
  <noscript><link rel="stylesheet" href="${robotoHref}"></noscript>
14
+ <script>robotoStyle.addEventListener('load',function(){this.rel='stylesheet'})</script>
10
15
  `.trim();
11
16
 
17
+ // Content Security Policy script hashes
18
+ // 'sha256-bMQhmqqj8Sjmn6rk/siu6CPHm54TL349InovHDPXATw='
19
+ // 'sha384-03NpwxMolxf0FN4adYZfdpBY0sEYXM5vOh+mE++L9pSIoEiVLSYQfaZo1pTNuiRN'
20
+ // 'sha512-lbwBboh2OwaD10JAkMLuD8OHBlmBpOgeyMssLlb2nZUBpWqrjJKBMtAkt9rlAS/tXxpmCeBz71oTkYBoLRZBsA=='
12
21
  export const robotoMonoHtml = `
13
- <link rel="preload" href="${robotoMonoHref}" as="style" onload="this.onload=null;this.rel='stylesheet'">
22
+ <link rel="preload" href="${robotoMonoHref}" id="robotoMonoStyle" as="style">
14
23
  <noscript><link rel="stylesheet" href="${robotoMonoHref}"></noscript>
24
+ <script>robotoMonoStyle.addEventListener('load',function(){this.rel='stylesheet'})</script>
15
25
  `.trim();