lib/rswag/ui/middleware.rb in rswag-ui-2.6.0 vs lib/rswag/ui/middleware.rb in rswag-ui-2.7.0
- old
+ new
@@ -12,11 +12,11 @@
redirect_uri = env['SCRIPT_NAME'].chomp('/') + '/index.html'
return [ 301, { 'Location' => redirect_uri }, [ ] ]
end
if index_path?(env)
- return [ 200, { 'Content-Type' => 'text/html' }, [ render_template ] ]
+ return [ 200, { 'Content-Type' => 'text/html', 'Content-Security-Policy' => csp }, [ render_template ] ]
end
super
end
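Review bot: The new `'Content-Security-Policy'` key follows the capitalized style of the existing `'Content-Type'` and `'Location'` keys, but Rack 3's SPEC (enforced by `Rack::Lint`) requires response header keys to be lowercase, so if this gem is meant to run under Rack 3 these responses will be rejected; if only Rack 2 is supported this is fine, but it is worth a comment either way. A one-line note such as `# NOTE: Rack 3 requires lowercase header keys ('content-security-policy'); switch when dropping Rack 2` would save the next maintainer a bisect. Also worth stating in a comment that the policy is only attached to the index document and not to anything served by `super`, since that is the only place an inline script is rendered. The enclosing `call` method starts before this hunk.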
@@ -36,9 +36,19 @@
template.result(@config.get_binding)
end
def template_filename
@config.template_locations.find { |filename| File.exist?(filename) }
+ end
+
+ def csp
+ <<~POLICY.gsub "\n", ' '
+ default-src 'self';
+ img-src 'self' data:;
+ font-src 'self' https://fonts.gstatic.com;
+ style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
+ script-src 'self' 'unsafe-inline';
+ POLICY
end
end
end
end
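Review bot: `script-src 'self' 'unsafe-inline'` gives away most of what a CSP buys, since any injected inline `<script>` in the rendered index (the template is rendered with `@config.get_binding`, so config values end up in the page) still executes. The usual fix is a per-request nonce: generate one in `call` (e.g. `SecureRandom.base64(16)`), expose it to the template so the bootstrapping script is tagged `nonce="..."`, and have `csp` take it as a parameter so the line becomes `script-src 'self' 'nonce-#{nonce}';` — this needs a template change and a config/binding change that are outside this hunk, so it should at least be recorded as a TODO above `def csp`. Separately, `frame-ancestors` and `base-uri` do not fall back to `default-src`, so the policy as written leaves the page frameable and `<base>`-injectable; adding `base-uri 'self'; frame-ancestors 'self';` (or `'none'` if nobody embeds the UI) closes that at no cost. The policy is also hard-coded with no override, which will break deployments whose custom template (found via `@config.template_locations`) loads assets from other origins; a config hook to replace or extend it would be worth considering, though I cannot tell from this hunk whether `@config` already offers one.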