Forum Discussion

Occasional Visitor

2 years ago

Swagger UI requires 'unsafe-eval' or 'unsafe-inline' as part of CSP header load

We are using the following CSP header in our application: "script-src https: 'self';"

However, when using the above CSP header, Swagger UI fails to load with an error in the console saying that Swagger UI requires either unsafe-eval, unsafe-inline, sha or nonce in the script-src CSP header.

When adding them, "script-src https: 'unsafe-eval' 'unsafe-inline' 'self';", the Swagger UI works fine, but this deletes the purpose of hardening security using CSP headers.

Swagger UI

No RepliesBe the first to reply

Recent Discussions

Swagger Form Editor
7 days ago
vertigo25
Swagger Editor Display Fault
7 days ago
LTKhoo
requestInterceptor with Python
24 days ago
ankkashyap
Swagger - hide definition, BUT....
28 days ago
Developer_35436
Customize Swagger like spotify web console
30 days ago
evergreenx

Forum Discussion

Swagger UI requires 'unsafe-eval' or 'unsafe-inline' as part of CSP header load

Related Content

Conditionally Required Parameters

Zephyr API Requirements „Imported” folder

Missing Required Headers error

Report: requirements coverage

The requested operation requires elevation

Recent Discussions

Swagger Form Editor

Swagger Editor Display Fault

requestInterceptor with Python

Swagger - hide definition, BUT....

Customize Swagger like spotify web console