loktar00 opened a new issue, #24818: URL: https://github.com/apache/superset/issues/24818
I have Swagger enabled in the config via `FAB_API_SWAGGER_UI = True` When attempting to go to the URL (and logging in as admin) I see the following in Brave and Edge  ``` Refused to load the stylesheet 'https://cdn.jsdelivr.net/npm/swagger-ui-dist@4/swagger-ui.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback. v1:55 Refused to load the image 'https://fastapi.tiangolo.com/img/favicon.png' because it violates the following Content Security Policy directive: "img-src 'self' data:". v1:155 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'strict-dynamic' 'nonce-LOs8l9GOnAS1e1K0ek9wV9aSEaJneEQQ'". Either the 'unsafe-inline' keyword, a hash ('sha256-1r8ykd7la2sNxnDBtNms0TqO7HUtu35cLQvWmZ7Tm64='), or a nonce ('nonce-...') is required to enable inline execution. ``` This is a very vanilla / new setup with no additional configuration done. #### How to reproduce the bug 1. Enable Swagger 2. Go to '`http://localhost:8088/swagger/v1` 3. You're presented with a white content area and errors in the console.  ### Expected results Swagger documentation loads ### Actual results Only the header loads. #### Screenshots If applicable, add screenshots to help explain your problem. ### Environment - browser type and version: Brave v1.56.11 - superset version: `superset version` - python version: `3.9.17` - any feature flags active: `{"ALERT_REPORTS": True, "EMBEDDED_SUPERSET": True}` ### Checklist Make sure to follow these steps before submitting your issue - thank you! - [X] I have checked the superset logs for python stacktraces and included it here as text if there are any. - [X] I have reproduced the issue with at least the latest released version of superset. - [X] I have checked the issue tracker for the same issue and I haven't found one similar. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
