From f16ccf76a86010679d713d5a785b4c74d07a4779 Mon Sep 17 00:00:00 2001
From: poduck <poduck@gmail.com>
Date: Mon, 1 Dec 2025 03:58:09 -0500
Subject: [PATCH] fix(csp): Add cdn.jsdelivr.net to local CSP policy for
 Swagger UI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Updated local.py CSP directives to match multitenancy.py changes.
This allows Swagger UI assets to load in local development.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 smoothschedule/config/settings/local.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/smoothschedule/config/settings/local.py b/smoothschedule/config/settings/local.py
index e669ed5..ab50089 100644
--- a/smoothschedule/config/settings/local.py
+++ b/smoothschedule/config/settings/local.py
@@ -15,18 +15,21 @@ CSP_SCRIPT_SRC = [
     "https://connect-js.stripe.com",
     "https://www.googletagmanager.com",
     "https://www.google-analytics.com",
+    "https://cdn.jsdelivr.net",  # Required for Swagger UI
     "blob:",  # Required for Stripe
 ]
 CSP_STYLE_SRC = [
     "'self'",
     "'unsafe-inline'",  # Required for Stripe and many UI libraries
     "https://fonts.googleapis.com",
+    "https://cdn.jsdelivr.net",  # Required for Swagger UI
 ]
 CSP_IMG_SRC = [
     "'self'",
     "data:",
     "https://*.stripe.com",
     "https://www.google-analytics.com",
+    "https://cdn.jsdelivr.net",  # Required for Swagger UI
 ]
 CSP_CONNECT_SRC = [
     "'self'",