We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
In rswag 2.7.0 a CSP is now provided/enforced on the /api-docs page: #263
/api-docs
CSPs are a Good Thing, so this is good. Unfortunately we have some scripts and images in our docs which now won't load.
We can currently monkey-patch this method and supply our own:
rswag/rswag-ui/lib/rswag/ui/middleware.rb
Line 43 in ec12c83
Can we formalise setting the CSP instead of using a monkey patch? I can do a PR. Do you have a preference as to how to do it?
Thanks!
The text was updated successfully, but these errors were encountered:
I also ran into this, both with an image URL and with the swagger yaml file itself.
Sorry, something went wrong.
I would love to see this, we also just faced this.
👍 I had to workaround this issue too: #619 (comment)
👍 +1 Same issue and desire, specifically with connect-src
@hlascelles, thank you for reporting this.
Could you put together a PR to enable setting the csp via rswag-ui configuration?
csp
Do you have another proposal?
Successfully merging a pull request may close this issue.
Problem
In rswag 2.7.0 a CSP is now provided/enforced on the
/api-docs
page: #263CSPs are a Good Thing, so this is good. Unfortunately we have some scripts and images in our docs which now won't load.
Workaround
We can currently monkey-patch this method and supply our own:
rswag/rswag-ui/lib/rswag/ui/middleware.rb
Line 43 in ec12c83
Proposal
Can we formalise setting the CSP instead of using a monkey patch? I can do a PR. Do you have a preference as to how to do it?
Thanks!
The text was updated successfully, but these errors were encountered: