Swagger UI includes an inline-script
which makes it more difficult to enforce the Content-Security-Policy header.
This Gist shows a way to add an exception for Swagger UI in order to be able to enforce
the policy to an effectiv level. This is useful for example in FastAPI
where Swagger UI is added automatically for API documentation.
m-lukas
/ swagger_ui_content_security_policy.md
Created
March 9, 2023 16:46
Content-Security-Policy with Swagger UI (e.g. for FastAPI)