From a9ce857289852ada631b9e197112f39c43a1d474 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Tue, 10 Sep 2024 17:23:57 +0200
Subject: [PATCH] fix: unable to see API doc due to CSP

Fix #934

Related https://github.com/python-restx/flask-restx/issues/252
---
 website/web/__init__.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/website/web/__init__.py b/website/web/__init__.py
index bf06f530..9a260a77 100644
--- a/website/web/__init__.py
+++ b/website/web/__init__.py
@@ -75,7 +75,10 @@ app.debug = bool(os.environ.get('DEBUG', False))
 SELF = "'self'"
 Talisman(app,
          force_https=False,
-         content_security_policy_nonce_in=['script-src', 'script-src-elem'],
+         content_security_policy_nonce_in=['script-src',
+                                           # Cannot enable that because https://github.com/python-restx/flask-restx/issues/252
+                                           # 'script-src-elem'
+                                           ],
          content_security_policy={
              'default-src': SELF,
              'base-uri': SELF,
@@ -94,7 +97,8 @@ Talisman(app,
              ],
              'script-src-elem': [
                  SELF,
-                 "'strict-dynamic'",
+                 # Cannot enable that because https://github.com/python-restx/flask-restx/issues/252
+                 # "'strict-dynamic'",
                  "'unsafe-inline'",
              ],
              'style-src': [