scottie1984 / swagger-ui-express

Adds middleware to your express app to serve the Swagger UI bound to your Swagger document. This acts as living documentation for your API hosted from within your app.
MIT License

OAUTH2 redirect HTML: Refused to execute inline script #249

Open niels013 opened 3 years ago

niels013 commented 3 years ago

Project setup

| What | Version |
|---|---|
| OS | Windows 10 |
| Browser | Microsoft Edge 89.0.774.77 and Google Chrome 89.0.4389.128 |
| Yarn | 1.22.5 |
| Node | 15.14.0 |
| express | 4.17.1 |
| swagger-ui-express | 4.1.6 |

Adding swagger UI by adding the following code:

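// Assumes `app` is the Express application and `swaggerUI` is the imported swagger-ui-express module.
const swaggerOptions: swaggerUI.SwaggerOptions = {
  explorer: true,
  swaggerOptions: {
    // Page the OAuth2 provider redirects back to after authentication
    oauth2RedirectUrl: 'http://localhost:3000/swagger/oauth2-redirect.html',
    urls: [
      {
        url: 'http://localhost:3000/swagger/v1/swagger.json',
        name: 'Swagger title'
      }
    ]
  }
};

// Serve Swagger UI (and its static assets, including oauth2-redirect.html) under /swagger
app.use('/swagger', swaggerUI.serve, swaggerUI.setup(undefined, swaggerOptions));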

Expected behaviour

After successfully authenticating using the OAUTH2 implicit flow, load redirect HTML and then redirect back to swagger UI with access token filled in.

Actual behaviour

When loading the redirect HTML page, it never returns to the swagger UI and gives an error.


MiniMarker commented 3 years ago

👀 I'm experiencing the same issue.

jatinmehrotra commented 3 years ago

Any update on the solution?

scottie1984 commented 2 years ago

I wasn't able to replicate, but I am guessing you have CSP headers enabled. As per this issue https://github.com/scottie1984/swagger-ui-express/issues/255 I cannot resolve this initially, so the only option would be to disable CSP checks for swagger-ui-express routes until a fix is implemented in swagger-ui.
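
One way to apply the workaround from the reply above while keeping a strict Content-Security-Policy on every other route. This is an added example, not code from swagger-ui-express or from this thread; `scopedCsp`, `isUnderMount`, `headersFor`, `STRICT_CSP` and the policy string are assumptions, and `/swagger` is the mount path from the original report.

```javascript
// Constructed policy for illustration; substitute the application's real CSP.
const STRICT_CSP = "default-src 'self'; script-src 'self'; object-src 'none'";

// True only for the mount path itself or a path below it ("/swagger", "/swagger/...").
// A bare startsWith('/swagger') would also exempt "/swagger-admin".
function isUnderMount(pathname, mount) {
  const p = pathname.toLowerCase(); // Express routing is case-insensitive by default
  const m = mount.toLowerCase().replace(/\/+$/, '');
  return p === m || p.startsWith(m + '/');
}

// Express-style middleware factory: set the CSP header everywhere except the
// listed mount paths. Register it before the Swagger UI route, e.g.
//   app.use(scopedCsp(['/swagger']));
//   app.use('/swagger', swaggerUI.serve, swaggerUI.setup(undefined, swaggerOptions));
function scopedCsp(exemptMounts, policy = STRICT_CSP) {
  return function cspMiddleware(req, res, next) {
    // Parse the request target so the query string is dropped and dot
    // segments ("/swagger/../admin") are resolved before matching.
    const target = req.originalUrl || req.url;
    const pathname = new URL(target, 'http://placeholder.invalid').pathname;
    const exempt = exemptMounts.some((m) => isUnderMount(pathname, m));
    if (!exempt) res.setHeader('Content-Security-Policy', policy);
    next();
  };
}

// Runs the middleware against a constructed request and returns the headers it set.
function headersFor(url, middleware) {
  const headers = {};
  const req = { url };
  const res = { setHeader: (k, v) => { headers[k.toLowerCase()] = v; } };
  middleware(req, res, () => {});
  return headers;
}
```

If another middleware in the app already sets the CSP header, the same path check has to gate that middleware instead, otherwise the header is still sent on the Swagger UI routes.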