poduck/smoothschedule
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(csp): Allow cdn.jsdelivr.net for Swagger UI assets

Browse Source 
Added cdn.jsdelivr.net to Content Security Policy directives to allow
Swagger UI assets (JavaScript, CSS, and images) to load properly.

Updated CSP directives:
- CSP_SCRIPT_SRC: Added cdn.jsdelivr.net for swagger-ui-bundle.js
- CSP_STYLE_SRC: Added cdn.jsdelivr.net for swagger-ui.css
- CSP_IMG_SRC: Added cdn.jsdelivr.net for favicon

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
poduck
2025-12-01 03:56:05 -05:00
parent 7e151a23cc
commit 86cde135a9
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
smoothschedule/config/settings/multitenancy.py
View File

@@ -239,17 +239,20 @@ CSP_SCRIPT_SRC = (
"https://connect-js.stripe.com", "https://connect-js.stripe.com",
"https://www.googletagmanager.com", "https://www.googletagmanager.com",
"https://www.google-analytics.com", "https://www.google-analytics.com",
"https://cdn.jsdelivr.net", # Required for Swagger UI
"blob:", # Required for Stripe "blob:", # Required for Stripe
) )
CSP_STYLE_SRC = ( CSP_STYLE_SRC = (
"'self'", "'self'",
"'unsafe-inline'", # Required for Stripe and many UI libraries "'unsafe-inline'", # Required for Stripe and many UI libraries
"https://cdn.jsdelivr.net", # Required for Swagger UI
) )
CSP_IMG_SRC = ( CSP_IMG_SRC = (
"'self'", "'self'",
"data:", "data:",
"https://*.stripe.com", "https://*.stripe.com",
"https://www.google-analytics.com", "https://www.google-analytics.com",
"https://cdn.jsdelivr.net", # Required for Swagger UI
) )
CSP_CONNECT_SRC = ( CSP_CONNECT_SRC = (
"'self'", "'self'",