Closed vllange closed 1 month ago
For this issue I already commented some time ago here. The issue is still ignored. https://github.com/Redocly/redoc/issues/2141
I don't understand why the redoc team doesn't load ther icon locally: It's not about removing the icon, it's about having no traffic to third party servers.
What do you think about changing RedoxOptions to
export class NestJSRedoxOptions {
// served path on that the redoc is available
useGlobalPrefix?: boolean = false;
disableGoogleFont?: boolean = false;
auth?: {
enabled?: boolean;
users: Record<string, string>;
};
/**
* set this if resolving the absolute path to the bundles directory doesn't work. E.g. when using pkg.
*/
redocBundlesDir?: string;
/**
* Enable this if you want to serve your own redoc installation. You have to install redoc as dependency.
* @default: false
*/
standalone?: boolean = false;
/**
* Overwrites given headers after nestjs-redox set default headers (e.g. content security policy).
*/
overwriteHeadersWith?: Record<string, string>;
constructor(partial?: Partial<NestJSRedoxOptions>) {
if (partial) {
Object.assign(this, partial);
}
}
}
Further more I have been thinking about replacing the cdn link using regex and save the icon to the package. That would show the correct icon instead of some placeholder.
Hey,
I totally agree with your suggestion of adding overwriteHeadersWith If that works well, the way with the replacement would of course be even better ;)
I'm not interested in removing their logo or notice, but I don't want any external calls (and in my opinion this is also very needless)
@vllange just released v1.2.0 supporting header overwrite and replacing redoc image with local one. Please check it out.
Thanks, I tested and it works as expected! Huge thanks for your work!
Hey,
sorry for the many issues 🙃
I use the standalone version so that redoc doesn't have to be loaded externally. Unfortunately, there is no way to prevent redoc's logo from being loaded via their CDN. PR's have already been rejected by them. (Their logo is currently the only resource that is still loaded externally)
I would like to use a fully GDPR-compliant solution and would therefore like to do without access to their CDN. To do this, the Content Security Policy header could be configured so that only 'self' and/or self-configured domains can be loaded (e.g. for logo).
Would it be possible and would you like to make the header overwritable via NestJSRedoxOptions?
Thank you very much!
https://github.com/julianpoemp/nestjs-redox/blob/d4cbbbaabcf1ce4d411c2c7fcea319058cf01164/libs/nestjs-redox/src/lib/nestjs-redox.module.ts#L284-L290