Recent Problem with Mermaid Plug

General
1

I have been using the mermaid plug successfully for some time. I updated to silverbullet 0.10.1 recently and I just noticed that the mermaid plugin is not working this morning. I am not sure if this is related to the silverbullet update or a change in the mermaid.js CDN. The error I got in the console is captured below.

Screenshot 2024-11-23 at 8.45.55 AM
Screenshot 2024-11-23 at 8.45.55 AM938×182 30.8 KB

Searching for a similar error, it seems that the link to the CDN must include the attribute ‘crossorigin=“anonymous”’. I am guessing this is a fix in the mermaid plug?

Thank you in advance for any suggestion.

2

One more detail which I just realized. I have the problem when I am using Arc as the browser but I just tried firefox and it is working fine there.

3

I did more tests. I got the error in Arc, Safari and Chrome but NOT on Firefox.
I am on a Macbook M2 running sonoma 14.7.1.

4

SilverBullet recently added integrity checks, and the mermaid plug is (so far) the only user of it: added integrity hash to CDN dependency · silverbulletmd/silverbullet-mermaid@35c6939 · GitHub

Have you updated the mermaid plug recently, perhaps try via Plugs: Update? Hopefully that solves the issue, otherwise I’m summoning @gorootde for support.

5

Thank you for the reply. I did try Plugs: Update, I also deleted my _plug/ folder and then run Plugs: Update but I still have the problem.

I stated earlier that the only browser it was working for me now was firefox but I now get an error there too. It is a little bit different:

None of the “sha256” hashes in the integrity attribute match the content of the subresource. The computed hash is “oXlHg6q3LSBdxTKxFw0b5j69zogWtXwhrLRRwV2rlpo=”.

Is it possible that the integrity check is working correctly and that, the hash for the mermaid.min.js has changed?

6

@rcm There is something really weird going on with jsdelivr right now. I just had a look in Firefox and Safari:

  • Both browser report that mermaid.js cannot be loaded from jsdelivr because their backend is returning a 503 error with Offline as response text.
  • Eventhough the resource was not loaded from server, Firefox seems to calculate the hash on the string Offline. This leads to the hash value oXlHg6q3LSB..., which of course does not match the correct integrity hash.
  • In Safari you can only see the 503, since the browser does not check the integrity when the request has failed

Can somebody confirm that JSDelivr does currently return 503 for loading mermaid.js?

7

See CORS problem · Issue #5 · silverbulletmd/silverbullet-mermaid · GitHub

8

In response to the request of confirming if JSDelivr returns a 503 for loading mermaid.js.

If I type https://cdn.jsdelivr.net/npm/[email protected]/dist/mermaid.min.js directly in the browser address bar, I get the javascript code using firefox, arc, safari, and chrome (MacOs Sonoma 14.7.1).

If I go to my silverbullet server (localhost) and go on a page with a code block tagged as mermaid, I got:

  • firefox: page loaded with raw mermaid code (no diagram) and none of the hash256 ... error message
  • arc: page loaded with raw mermaid code (no diagram) and ...resource requires the request to be CQRS enabled... error
  • safari: page loaded with raw mermaid code (no diagram) and Failed to load resource: the server responded with a status of 503 ().
9

Michael, I saw the pull request. Thank you.

10

PR merged, should be available on Edge

11

I ran edge a couple of minutes ago, I had to clear the site cache data and run Plugs: Update and System: Reload but mermaid diagrams are back. Thank you to @gorootde and @zef for your help!

2 Likes
12

For the future: simply reloading the client 2-3x should be sufficient.