Diff

mod_rest/apidemo.lib.lua @ 4550:0befc680970b

mod_rest/apidemo: Disable validator How nice of them to leak the URL of every schema to them by default.
author Kim Alvefur <zash@zash.se>
date Sun, 25 Apr 2021 17:09:22 +0200
parent 4528:fd15e7f00ff5
child 4728:1c6d353550cc
line wrap: on
line diff
--- a/mod_rest/apidemo.lib.lua	Sun Apr 25 16:53:08 2021 +0200
+++ b/mod_rest/apidemo.lib.lua	Sun Apr 25 17:09:22 2021 +0200
@@ -17,6 +17,7 @@
 
 	-- SUCH HACK, VERY GSUB, WOW!
 	index = index:gsub("(%s?url%s*:%s*)%b\"\"", string.format("%%1%q", module:http_url().."/demo/openapi.yaml"), 1);
+	index = index:gsub("(%s*SwaggerUIBundle%s*%(%s*{)(%s*)", "%1%2validatorUrl: false,%2");
 end
 
 do
@@ -40,6 +41,7 @@
 _M.main_page = {
 	headers = {
 		content_type = "text/html";
+		content_security_policy = "default-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'";
 	};
 	body = index;
 }