Closed FDiskas closed 5 months ago
Not sure!
This is more of a Content Security Policy question than a Helmet question. A quick web search gave these instructions which might help?
I'm going to close this issue because I don't think there's anything wrong with Helmet, but let me know if that's wrong and I'll reopen.
@EvanHahn - thank you
For users who landed here from Google - here is a working CSP config for Swagger
```js
helmet({
  contentSecurityPolicy: {
    directives: {
      defaultSrc: [`'self'`],
      imgSrc: [`data:`, `https:`],
      objectSrc: [`'none'`],
      scriptSrc: [
        `cdn.jsdelivr.net`,
        `stackpath.bootstrapcdn.com`,
        `'self'`,
        `'unsafe-inline'`,
      ],
      styleSrc: [
        `fonts.googleapis.com`,
        `stackpath.bootstrapcdn.com`,
        `'self'`,
        `'unsafe-inline'`,
      ],
    },
  },
}),
```
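The following is an added example, not part of the comment above and not Helmet's own code: it serializes the posted `directives` object into header form and flags the sources that relax script and style restrictions, so the trade-off in a Swagger-friendly policy is visible before it ships. The helper names (`toHeaderValue`, `auditDirectives`) and the severity labels are assumptions made for this sketch, and the serialization covers only the listed directives (Helmet may merge in its own defaults depending on version and options).

```javascript
// Added example, not Helmet's code. Directives copied from the config posted above.
const postedDirectives = {
  defaultSrc: ["'self'"],
  imgSrc: ["data:", "https:"],
  objectSrc: ["'none'"],
  scriptSrc: ["cdn.jsdelivr.net", "stackpath.bootstrapcdn.com", "'self'", "'unsafe-inline'"],
  styleSrc: ["fonts.googleapis.com", "stackpath.bootstrapcdn.com", "'self'", "'unsafe-inline'"],
};

// scriptSrc -> script-src
const toKebab = (name) => name.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());

// Header form of exactly these directives (no defaults merged in).
function toHeaderValue(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => [toKebab(name), ...sources].join(" "))
    .join("; ");
}

const BROAD = new Set(["*", "http:", "https:", "data:"]);
const hasNonceOrHash = (sources) =>
  sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));

function auditDirectives(directives) {
  const findings = [];
  const add = (directive, source, severity, why) =>
    findings.push({ directive, source, severity, why });
  // script-src and style-src fall back to default-src when absent.
  const script = directives.scriptSrc || directives.defaultSrc || [];
  const scriptName = directives.scriptSrc ? "script-src" : "default-src";
  for (const s of script) {
    // CSP2+ browsers ignore 'unsafe-inline' once a nonce or hash is listed.
    if (s === "'unsafe-inline'" && !hasNonceOrHash(script))
      add(scriptName, s, "high", "inline scripts and event handlers are allowed");
    if (s === "'unsafe-eval'") add(scriptName, s, "high", "eval-style execution is allowed");
    if (BROAD.has(s)) add(scriptName, s, "high", "scripts may load from any matching origin");
  }
  const style = directives.styleSrc || directives.defaultSrc || [];
  if (style.includes("'unsafe-inline'") && !hasNonceOrHash(style))
    add(directives.styleSrc ? "style-src" : "default-src", "'unsafe-inline'", "medium",
        "inline styles are allowed");
  if (!directives.objectSrc && !(directives.defaultSrc || []).includes("'none'"))
    add("object-src", "(missing)", "medium", "plugins are not explicitly blocked");
  return findings;
}

console.log(toHeaderValue(postedDirectives));
console.log(auditDirectives(postedDirectives));
```

Mounting the relaxed policy only on the route that serves the Swagger UI keeps these findings from applying to the rest of the application.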
To properly load swagger what settings should be used?