-
Notifications
You must be signed in to change notification settings - Fork 416
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow api-docs CSP to be supplied #567
Labels
Milestone
Comments
I also ran into this, both with an image URL and with the swagger yaml file itself. |
I would love to see this, we also just faced this. |
👍 I had to workaround this issue too: |
👍 +1 Same issue and desire, specifically with connect-src |
@hlascelles, thank you for reporting this. Could you put together a PR to enable setting the Do you have another proposal? |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
In rswag 2.7.0 a CSP is now provided/enforced on the
/api-docs
page: #263CSPs are a Good Thing, so this is good. Unfortunately we have some scripts and images in our docs which now won't load.
Workaround
We can currently monkey-patch this method and supply our own:
rswag/rswag-ui/lib/rswag/ui/middleware.rb
Line 43 in ec12c83
Proposal
Can we formalise setting the CSP instead of using a monkey patch? I can do a PR. Do you have a preference as to how to do it?
Thanks!
The text was updated successfully, but these errors were encountered: