[IPython-dev] Insecure loading of mathjax

Fernando Perez fperez.net at gmail.com
Wed Aug 6 17:56:24 EDT 2014

On Wed, Aug 6, 2014 at 2:49 PM, Thomas Kluyver <takowl at gmail.com> wrote:

> My discussions with Mathjax developers led me to post a question on
> security.stackexchange, and I am now satisfied that what Cloudflare is
> doing with SSL certificates, although it is somewhat out of the ordinary,
> does not allow someone controlling one of those sites to MITM requests to
> another of them. So if we load Mathjax over HTTPS, we are only trusting
> mathjax.org and Cloudflare.
> https://github.com/mathjax/MathJax/issues/885
> http://security.stackexchange.com/q/64738/53098

Excellent and very informative. Thomas, many thanks for following this one
through to the end.  Glad it's not a problem, but it was very useful to
understand exactly how/why.



Fernando Perez (@fperez_org; http://fperez.org)
fperez.net-at-gmail: mailing lists only (I ignore this when swamped!)
fernando.perez-at-berkeley: contact me here for any direct mail
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20140806/b4099d98/attachment.html>

More information about the IPython-dev mailing list