poduck/smoothschedule
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(csp): Add cdn.jsdelivr.net to local CSP policy for Swagger UI

Browse Source 
Updated local.py CSP directives to match multitenancy.py changes.
This allows Swagger UI assets to load in local development.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
poduck
2025-12-01 03:58:09 -05:00
parent 86cde135a9
commit f16ccf76a8
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
smoothschedule/config/settings/local.py
View File

@@ -15,18 +15,21 @@ CSP_SCRIPT_SRC = [
"https://connect-js.stripe.com", "https://connect-js.stripe.com",
"https://www.googletagmanager.com", "https://www.googletagmanager.com",
"https://www.google-analytics.com", "https://www.google-analytics.com",
"https://cdn.jsdelivr.net", # Required for Swagger UI
"blob:", # Required for Stripe "blob:", # Required for Stripe
] ]
CSP_STYLE_SRC = [ CSP_STYLE_SRC = [
"'self'", "'self'",
"'unsafe-inline'", # Required for Stripe and many UI libraries "'unsafe-inline'", # Required for Stripe and many UI libraries
"https://fonts.googleapis.com", "https://fonts.googleapis.com",
"https://cdn.jsdelivr.net", # Required for Swagger UI
] ]
CSP_IMG_SRC = [ CSP_IMG_SRC = [
"'self'", "'self'",
"data:", "data:",
"https://*.stripe.com", "https://*.stripe.com",
"https://www.google-analytics.com", "https://www.google-analytics.com",
"https://cdn.jsdelivr.net", # Required for Swagger UI
] ]
CSP_CONNECT_SRC = [ CSP_CONNECT_SRC = [
"'self'", "'self'",