Problem: the Swagger UI pages is blocked by browser when the CSP header is submitted in the flask response. Some flask extensions such as Talisman activates the CSP header witch enforces the Browser to eliminate some CSS and JS codes from the responded page.
Suggested solution:
I think we need to pass the nonce code to be injected in all CSS and JS inline tags on any HTML page.
api = Api(
app,
title="My File Sharing API",
version="1.0",
description="API for secure file sharing",
doc="/swagger/",
js_nonce= 'c2adb6e68e57b6fc9ae701bccd9cdd38',
css_nonce= 'c2adb6e68e57b6fc9ae701bccd9cdd38',
)
Problem: the Swagger UI pages is blocked by browser when the CSP header is submitted in the flask response. Some flask extensions such as Talisman activates the CSP header witch enforces the Browser to eliminate some CSS and JS codes from the responded page.
Suggested solution:
I think we need to pass the
noncecode to be injected in all CSS and JS inline tags on any HTML page.