fix: unable to see API doc due to CSP

Fix #934

Related https://github.com/python-restx/flask-restx/issues/252
pull/937/head
Raphaël Vinot 2024-09-10 17:23:57 +02:00
parent 62746943cd
commit a9ce857289
1 changed files with 6 additions and 2 deletions

View File

@ -75,7 +75,10 @@ app.debug = bool(os.environ.get('DEBUG', False))
SELF = "'self'"
Talisman(app,
force_https=False,
content_security_policy_nonce_in=['script-src', 'script-src-elem'],
content_security_policy_nonce_in=['script-src',
# Cannot enable that because https://github.com/python-restx/flask-restx/issues/252
# 'script-src-elem'
],
content_security_policy={
'default-src': SELF,
'base-uri': SELF,
@ -94,7 +97,8 @@ Talisman(app,
],
'script-src-elem': [
SELF,
"'strict-dynamic'",
# Cannot enable that because https://github.com/python-restx/flask-restx/issues/252
# "'strict-dynamic'",
"'unsafe-inline'",
],
'style-src': [