Add swagger validator to allowed external images

SEED-platform · Aug 6, 2020 · 7f80d1a · 7f80d1a
1 parent 5f338bd
commit 7f80d1a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/docker/nginx-seed.conf b/docker/nginx-seed.conf
@@ -24,7 +24,7 @@ add_header X-XSS-Protection "1; mode=block";
 # https://www.html5rocks.com/en/tutorials/security/content-security-policy/
 # https://www.owasp.org/index.php/Content_Security_Policy
 # https://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
-add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://stamen-tiles-a.a.ssl.fastly.net https://stamen-tiles-b.a.ssl.fastly.net https://stamen-tiles-c.a.ssl.fastly.net https://stamen-tiles-d.a.ssl.fastly.net; style-src 'self' 'unsafe-inline'; frame-src 'self'; object-src 'none'";
+add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://stamen-tiles-a.a.ssl.fastly.net https://stamen-tiles-b.a.ssl.fastly.net https://stamen-tiles-c.a.ssl.fastly.net https://stamen-tiles-d.a.ssl.fastly.net https://validator.swagger.io; style-src 'self' 'unsafe-inline'; frame-src 'self'; object-src 'none'";
 
 # HSTS
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;