fix(api-docs): 🐛 disable unsafe-inline style-src

collinbarrett · collinbarrett · commit 29b6517569a2 · 2021-01-24T13:10:58.000-06:00
ref swagger-api/swagger-ui#5578
diff --git a/reverse-proxy/conf.d.dev/default.conf b/reverse-proxy/conf.d.dev/default.conf
@@ -20,6 +20,6 @@ server {
     rewrite    ^/api/(.*)$ /$1 break;
     proxy_pass http://api-docs:8080;
     include    location-includes/*;
-    add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' validator.swagger.io data:;" always;
+    add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self' validator.swagger.io data:;" always;
   }
 }
diff --git a/reverse-proxy/conf.d/default.conf b/reverse-proxy/conf.d/default.conf
@@ -23,7 +23,7 @@ server {
     rewrite    ^/api/(.*)$ /$1 break;
     proxy_pass http://api-docs:8080;
     include    location-includes/*;
-    add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' validator.swagger.io data:;" always;
+    add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self' validator.swagger.io data:;" always;
   }
 
   location / {

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,6 @@ server {`
`20`	`20`	`rewrite ^/api/(.*)$ /$1 break;`
`21`	`21`	`proxy_pass http://api-docs:8080;`
`22`	`22`	`include location-includes/*;`
`23`		`- add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' validator.swagger.io data:;" always;`
	`23`	`+ add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self' validator.swagger.io data:;" always;`
`24`	`24`	`}`
`25`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ server {`
`23`	`23`	`rewrite ^/api/(.*)$ /$1 break;`
`24`	`24`	`proxy_pass http://api-docs:8080;`
`25`	`25`	`include location-includes/*;`
`26`		`- add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' validator.swagger.io data:;" always;`
	`26`	`+ add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self' validator.swagger.io data:;" always;`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`location / {`