
Integrate with Talisman - Content Security Policy (CSP)

Open samialfattani opened this issue 1 week ago • 0 comments

Problem: the Swagger UI pages are blocked by the browser when the CSP header is submitted in the Flask response. Some Flask extensions, such as Talisman, activate the CSP header, which forces the browser to eliminate some CSS and JS code from the returned page.

Suggested solution: I think we need to pass the nonce code to be injected in all CSS and JS inline tags on any HTML page.

  api = Api(
      app,
      title="My File Sharing API",
      version="1.0",
      description="API for secure file sharing",
      doc="/swagger/",
      # Proposed parameters: nonce to inject into inline JS and CSS tags
      js_nonce="c2adb6e68e57b6fc9ae701bccd9cdd38",
      css_nonce="c2adb6e68e57b6fc9ae701bccd9cdd38",
  )

samialfattani, Dec 08 '25 05:12
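The nonce mechanism the issue asks for, as an added standard-library sketch (not flask-restx or Talisman code): a CSP nonce only protects the page if it is generated fresh for every response, so the fixed literal in the snippet above should be read as a placeholder. The function names and `SAMPLE_HTML` are assumptions constructed for this example.

```python
import re
import secrets
from html.parser import HTMLParser

# Constructed sample page standing in for a documentation UI template.
SAMPLE_HTML = """<html><head>
<style>body { margin: 0; }</style>
<script src="/static/bundle.js"></script>
</head><body>
<script>window.onload = function () { init(); };</script>
</body></html>"""

# Opening <script>/<style> tags that do not already carry a nonce attribute.
_TAG = re.compile(r"<(script|style)\b(?![^>]*\bnonce=)([^>]*)>", re.IGNORECASE)

def add_nonce(html, nonce):
    """Stamp every matching opening tag with the response's nonce."""
    return _TAG.sub(lambda m: f'<{m.group(1)} nonce="{nonce}"{m.group(2)}>', html)

def csp_header(nonce):
    """Policy allowing same-origin files plus inline blocks with this nonce."""
    return (f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
            f"style-src 'self' 'nonce-{nonce}'")

class _InlineAudit(HTMLParser):
    """Collects inline <script>/<style> tags this policy would block."""
    def __init__(self, nonce):
        super().__init__()
        self.nonce, self.blocked = nonce, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style") and "src" not in a and a.get("nonce") != self.nonce:
            self.blocked.append(tag)

def blocked_inline_tags(html, nonce):
    audit = _InlineAudit(nonce)
    audit.feed(html)
    return audit.blocked

def render(html):
    """Per-response step: fresh nonce, stamped body, matching header."""
    nonce = secrets.token_urlsafe(16)  # unpredictable and never reused
    return add_nonce(html, nonce), {"Content-Security-Policy": csp_header(nonce)}, nonce
```

Running `blocked_inline_tags` over a rendered page in a test suite catches templates that gain a new inline tag without a nonce before the browser silently drops it.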