Allow api-docs CSP to be supplied #567

hlascelles · 2022-11-02T11:13:24Z

Problem

In rswag 2.7.0 a CSP is now provided/enforced on the /api-docs page: #263

CSPs are a Good Thing, so this is good. Unfortunately we have some scripts and images in our docs which now won't load.

We can currently monkey-patch this method and supply our own:

Line 43 in ec12c83

def csp

Can we formalise setting the CSP instead of using a monkey patch? I can do a PR. Do you have a preference as to how to do it?

Thanks!

The text was updated successfully, but these errors were encountered:

Aesthetikx · 2023-03-14T17:51:03Z

I also ran into this, both with an image URL and with the swagger yaml file itself.

sbiastoch · 2023-04-19T17:11:04Z

I would love to see this, we also just faced this.

richardonrails · 2023-08-25T19:42:05Z

👍 I had to workaround this issue too:
#619 (comment)

terrainoob · 2023-08-30T16:46:31Z

👍 +1 Same issue and desire, specifically with connect-src

romanblanco · 2023-12-20T19:33:40Z

@hlascelles, thank you for reporting this.

Could you put together a PR to enable setting the csp via rswag-ui configuration?

Do you have another proposal?

romanblanco added enhancement question labels Apr 30, 2023

romanblanco linked a pull request Dec 20, 2023 that will close this issue

Add custom content security policy configurations #716

Open

1 task

domaindrivendev added this to the Gem 2.X.0 milestone May 16, 2024