fix: adjust CSP for API docs

The generated API docs contain inline scripts, inline styles and data sources. This adapts the Netlify configuration to serve a more relaxed CSP for them.
sdirix · Jan 13, 2025 · 34f8ea2 · 34f8ea2
1 parent f6b44d6
commit 34f8ea2
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/netlify.toml b/netlify.toml
@@ -34,3 +34,8 @@
       X-Frame-Options = "SAMEORIGIN"
       X-Content-Type-Options = "nosniff"
       Permissions-Policy = "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
+
+[[headers]]
+   for = "/api/*"
+   [headers.values]
+      Content-Security-Policy = "script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' data:;"