opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-29 20:42:40 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
grafana/pkg/api/swagger.go
Kristian Bremberg 9b4dde7430 Modify Content-Security-Policy for Swagger UI (#63568) 
* Modify Content-Security-Policy for Swagger UI

* check if CSP is empty

Co-authored-by: João Calisto <joao.calisto@grafana.com>

* check if CSP is empty in swagger.go

---------

Co-authored-by: João Calisto <joao.calisto@grafana.com>
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2023-08-01 11:27:44 +03:00

23 lines
578 B
Go
Raw Blame History

package api
import (
"net/http"
"strings"
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
)
func swaggerUI(c *contextmodel.ReqContext) {
data := map[string]interface{}{
"Nonce": c.RequestNonce,
}
// Add CSP for unpkg.com to allow loading of Swagger UI assets
if existingCSP := c.Resp.Header().Get("Content-Security-Policy"); existingCSP != "" {
newCSP := strings.Replace(existingCSP, "style-src", "style-src https://unpkg.com/", 1)
c.Resp.Header().Set("Content-Security-Policy", newCSP)
}
c.HTML(http.StatusOK, "swagger", data)
}
Reference in New Issue View Git Blame Copy Permalink