Meloman

Reputation: 21

Swashbuckle Swagger - Refused to execute inline script because it violates the following Content Security Policy directive

I've added a CSP header (using custom middleware) to the response of the Web API. Unfortunately, it broke the Swagger UI, which is generated by Swashbuckle NuGet v5.6.0. The problem is in the generated index.html, which contains an inline JS script that violates the CSP.

Is there any way to fix it without changing header values? I would like to stick to the current policy.

I found some open/closed issues on the GitHub project page, but I haven't found any solution yet.

Upvotes: 2

Views: 3480

Answers (1)

granty

Reputation: 8556

> The problem is in generated index.html which contains inline js script which violates CSP. Is there any way to fix it without changing header values? I would like to stick to the current policy.

Obviously, there is only one way - to move all inline scripts into external files.

And you did not show your CSP header; maybe it contains 'nonce-value', so you can use it to allow some kinds of inline scripts.

Upvotes: 0
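
The nonce approach mentioned in the answer above, sketched as an added example (not part of the original answer and not Swashbuckle's own code): a fresh nonce is generated per response, placed in `script-src`, and stamped onto the inline `<script>` tags of the served page. The `CspNonce` class, its method names, the policy string and the sample HTML are assumptions made for illustration; the question does not show the real header.

```csharp
// Added example; CspNonce and its members are hypothetical names, not a Swashbuckle API.
using System;
using System.Security.Cryptography;
using System.Text.RegularExpressions;

public static class CspNonce
{
    // Matches opening <script> tags and captures their attributes.
    private static readonly Regex ScriptTag =
        new Regex(@"<script\b(?<attrs>[^>]*)>", RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // 128 bits from a CSPRNG, fresh for every response; a reused nonce gives no protection.
    public static string NewNonce()
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes);
    }

    // Adds nonce="..." to inline <script> tags (no src, no existing nonce).
    // Apply only to a trusted template, never to markup with user-controlled content.
    public static string TagInlineScripts(string html, string nonce)
    {
        return ScriptTag.Replace(html, m =>
        {
            var attrs = m.Groups["attrs"].Value;
            if (Regex.IsMatch(attrs, @"\b(src|nonce)\s*=", RegexOptions.IgnoreCase))
                return m.Value; // external or already tagged: leave unchanged
            return "<script nonce=\"" + nonce + "\"" + attrs + ">";
        });
    }

    // Assumed policy for illustration only.
    public static string BuildHeader(string nonce) =>
        "default-src 'self'; script-src 'self' 'nonce-" + nonce + "'";
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample standing in for the generated Swagger UI page.
        const string indexHtml =
            "<html><body><script src=\"./swagger-ui-bundle.js\"></script>\n" +
            "<script>window.onload = function () { /* UI bootstrap */ };</script></body></html>";
        var nonce = CspNonce.NewNonce();
        Console.WriteLine("Content-Security-Policy: " + CspNonce.BuildHeader(nonce));
        Console.WriteLine(CspNonce.TagInlineScripts(indexHtml, nonce));
    }
}
```

The header value and the rewritten page must come from the same request, so the nonce in `script-src` matches the one on the inline tag; a page served from cache with a stale nonce will have its inline script blocked.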
