fix: allow wasm to load scalar-api-reference (#9332)

sileht · web-flow · commit 26cddaeffe41 · 2025-11-07T12:46:28.000Z
The new CSP header is now required by Scalar lib.

Fixes INC-299
diff --git a/public/_headers b/public/_headers
@@ -4,4 +4,4 @@
   X-Content-Type-Options: nosniff
   Referrer-Policy: same-origin
   Cache-control: public, max-age=600, no-transform
-  Content-Security-Policy: default-src 'self'; connect-src 'self' https://browser-intake-datadoghq.com https://api.mergify.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://plausible.io; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' https://plausible.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; frame-src 'self' https://www.youtube.com/; img-src 'self' data: https://img.shields.io; font-src 'self' https://fonts.gstatic.com https://fonts.scalar.com data:; manifest-src 'self' data:
+  Content-Security-Policy: default-src 'self'; connect-src 'self' https://browser-intake-datadoghq.com https://api.mergify.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://plausible.io; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://plausible.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; frame-src 'self' https://www.youtube.com/; img-src 'self' data: https://img.shields.io; font-src 'self' https://fonts.gstatic.com https://fonts.scalar.com data:; manifest-src 'self' data:
