Comments (13)
I don't have any issues trying to reproduce your configuration locally on my macbook with docker, the website loads by default with darkmode theme enabled
from docusaurus.
I tried it now with a local docker NGINX too and it worked. Could lead a setting in NGINX to this problem?
from docusaurus.
We don't know, what could be the problem, but it seems solved. If you (and us) can reproduce the problem deterministically, we'll reopen, otherwise we assume it was a human mistake
from docusaurus.
I'm sorry but it is not solved. I still have the problem on my live system. I tried only with a local docker nginx and with this the problem was not happening.
I hope anyone has a hint for what could be the issue.
from docusaurus.
Did you try loading it in private browsing? Did you try any other hosting solution than Nginx? If this is specific to one setup it doesn't sound like a Docusaurus bug and should not be reported here.
from docusaurus.
If we cannot see the live system, its source code, and config, we cannot help more.
If your domain host other sites, it is possible that you encounter a storage key conflict, see https://docusaurus.io/blog/releases/3.4#site-storage---experimental for details
from docusaurus.
I also think that it can not be Docusaurus, because locally it works. That is really weird.
Yes, I tried private browsing @Josh-Cena, with no luck.
@slorber I'll check that with the key conflict. And I will copy my production config into a docker container to play around with it. I'll come back to you with the result. Thanks for the help.
from docusaurus.
The easiest for us is that you share the URL of your live deployment.
from docusaurus.
@slorber Sorry, late reply. Something else popped up.
Yes, of course. Here it is: https://md.turn-it.org/
from docusaurus.
Your site is served with a CSP header that prevents our inline script from running, you can see errors in the console logs.
Content-Security-Policy: script-src 'self'; object-src 'self'
md.turn-it.org/:6 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-O8zYuOjyuzUZDv3fub7DKfAs5TEd1dG+fz+hCSCFmQA='), or a nonce ('nonce-...') is required to enable inline execution.
Here's what this script is doing FYI, it is required to get the theme work and avoid a flash of wrong theme before React hydrates
!(function () {
function t(t) {
document.documentElement.setAttribute("data-theme", t);
}
var e =
(function () {
try {
return new URLSearchParams(window.location.search).get(
"docusaurus-theme",
);
} catch (t) {}
})() ||
(function () {
try {
return window.localStorage.getItem("theme");
} catch (t) {}
})();
t(null !== e ? e : "dark");
})(),
(function () {
try {
const n = new URLSearchParams(window.location.search).entries();
for (var [t, e] of n)
if (t.startsWith("docusaurus-data-")) {
var a = t.replace("docusaurus-data-", "data-");
document.documentElement.setAttribute(a, e);
}
} catch (t) {}
})();
from docusaurus.
Hey @slorber, thank you so much. I totally overlooked this error. It works now :) .
Are there any plans to remove the inline scripts, if that is even possible?
from docusaurus.
Afaik it's not really possible to remove the inline scripts. At best we could make it so that it works for your specific use-case by hardcoding the dark data-theme
attribute directly in the HTML doc, but for all other cases we'd still need the script to run.
This has been explained a bit here: #10231
from docusaurus.
Ah, ok. For me it is fine and I also support your point of view in #10231. I'm not an expert in XSS or general website hacking, but I also do not really see an attack surface in this kind of website.
Thanks for the fast help and Docusaurus. Really appreciate it.
from docusaurus.
Related Issues (20)
- Custom Admonition Icon: Resize and Center Vertically HOT 3
- Table Of Contents: Allow user to collapse Table of Contents
- CSS priorities are different between development and production environments HOT 2
- Sidebar generation will run `Globby` in the `node_modules` folder HOT 4
- Blog description links broken HOT 5
- plugin-content-blog: add `rejectPostsWithoutTruncate` option HOT 5
- Pagefind plugin for local search HOT 1
- Schema.org shows webpages as breadcrumbs HOT 2
- Navbar dropdown can't render correctly HOT 1
- Markdown admonition inside TabItem causes MDX compilation to fail HOT 5
- Hash navigation breaks in 3.4.0 with some plugins HOT 1
- [Docusaurus v3.4] build error with scaffolded create-docusaurus HOT 4
- Bolg post date HOT 3
- Wrong grid-template-areas when minified HOT 2
- Discontinue plugin-google-analytics due to the UA sunset HOT 5
- Algolia search modal appears when entering a keyboard shortcut to use a browser's "Find" function HOT 4
- Docusaurus 3.4.0 does not respect PostCSS plugins when it minimizes CSS files from 'static' folder HOT 3
- Wrong default value for plugin-content-docs docRootComponent
- Non-build ui js using window HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docusaurus.