From 06f5f32536fcb0aa6fae8b2b864f0eb5f40c3634 Mon Sep 17 00:00:00 2001
From: Alexander Vyzhanov
Date: Wed, 25 Nov 2020 16:09:20 +0200
Subject: [PATCH] fix: CSP problem in Safari This fix: Refused to load blob because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy
---
 src/redoc-module.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/redoc-module.ts b/src/redoc-module.ts
index 73dcd19..bece00e 100644
--- a/src/redoc-module.ts
+++ b/src/redoc-module.ts
@@ -128,7 +128,7 @@ export class RedocModule {
 // Content-Security-Policy: worker-src 'self' blob:
 res.setHeader(
 'Content-Security-Policy',
- "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';"
+ "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; child-src * 'unsafe-inline' 'unsafe-eval' blob:; worker-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';"
 );
 // whoosh
 res.send(redocHTML);
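Review bot: The added `child-src * 'unsafe-inline' 'unsafe-eval' blob:` is much wider than the Safari error in the commit message calls for. That error only asks for `blob:` to be allowed, and `'unsafe-inline'` / `'unsafe-eval'` are script and style keywords with no defined effect in a `child-src` source list. If the worker is only ever started from a same-origin or blob URL (not visible in this hunk, so worth confirming), `child-src 'self' blob:;` would match the `worker-src 'self' blob:` that the comment above the call already documents. That comment should also explain why both directives are present, e.g. `// child-src is the fallback for browsers without worker-src support (Safari)`. Separately, the header still pairs `*` with `'unsafe-inline'` and `'unsafe-eval'` in `default-src` and `script-src`, so it gives the served page essentially no script-injection protection; that is outside this patch but worth tracking, and the enclosing method starts and ends outside the hunk.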