fix: CSP problem in Safari

This fix: Refused to load blob because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy
ojoanalogo · Nov 25, 2020 · 06f5f32 · 06f5f32
1 parent b09c7b2
commit 06f5f32
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/redoc-module.ts b/src/redoc-module.ts
@@ -128,7 +128,7 @@ export class RedocModule {
         // Content-Security-Policy: worker-src 'self' blob:
         res.setHeader(
           'Content-Security-Policy',
-          "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';"
+          "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; child-src * 'unsafe-inline' 'unsafe-eval' blob:; worker-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';"
         );
         // whoosh
         res.send(redocHTML);