security: Add swagger src to csp
Fixes #760
topher-lo committed Jan 16, 2025
1 parent bab6941 commit 7ba6ba1
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions tracecat/middleware/security.py
Expand Up @@ -15,8 +15,8 @@ async def dispatch(self, request: Request, call_next):
"frame-ancestors 'none'",
"img-src 'self' data:",
"object-src 'none'",
"script-src 'self' 'unsafe-inline' https://*.posthog.com",
"style-src 'self' 'unsafe-inline'",
"script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/[email protected]/swagger-ui-bundle.js",
"style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/[email protected]/swagger-ui.css",
]
else:
csp_directives = [
Expand All @@ -26,8 +26,8 @@ async def dispatch(self, request: Request, call_next):
"frame-ancestors 'none'",
"img-src 'self' data:",
"object-src 'none'",
"script-src 'self' 'unsafe-inline'",
"style-src 'self' 'unsafe-inline'",
"script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/[email protected]/swagger-ui-bundle.js",
"style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/[email protected]/swagger-ui.css",
]
headers = {
"Strict-Transport-Security": "max-age=7776000; includeSubDomains",
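Review bot: The jsDelivr `script-src` and `style-src` sources are listed in both CSP branches of `dispatch`, so every response that passes through this middleware trusts a third-party script URL, although only the Swagger docs page appears to need it. Consider adding the CDN sources only for the docs route, e.g. `if request.url.path in DOCS_PATHS: script_src += f" {SWAGGER_JS_URL}"` (`DOCS_PATHS` and `SWAGGER_JS_URL` are placeholder names), or serving the Swagger UI assets from `'self'` so no external origin is required. In the first hunk the `https://*.posthog.com` allowance appears to be dropped from `script-src` in the same change; if that branch still loads PostHog the browser will block it, so confirm the removal is intended and mention it in the commit message. `'unsafe-inline'` also remains in `script-src`, which leaves injected inline scripts unrestricted whatever the host list says. The body of `dispatch` starts and ends outside both hunks, so the branch condition is not visible here.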
