Merge branch 'feature-DATAAPI-41_csp-nonce-support' into release-3.8.0

DominicWatson · DominicWatson · commit ecaa3a403454 · 2025-07-29T10:41:40.000+01:00
diff --git a/handlers/rest-apis/data/v1/docs/Swagger.cfc b/handlers/rest-apis/data/v1/docs/Swagger.cfc
@@ -22,7 +22,7 @@ component {
 			args.favicon = event.buildLink( systemStaticAsset="/extension/preside-ext-data-api/assets/favicon-32x32.png" );
 		}
 
-		event?.setContentSecurityPolicy( "default-src 'self'; style-src 'self' 'unsafe-inline' 'nonce-#event?.getRequestNonce()#'" );
+		event?.setContentSecurityPolicy( "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; worker-src blob:;" );
 
 		restResponse.setData( Trim( renderView( view="/swaggerLayout", args=args ) ) );
 		restResponse.setMimeType( "text/html" );

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ component {`
`22`	`22`	`args.favicon = event.buildLink( systemStaticAsset="/extension/preside-ext-data-api/assets/favicon-32x32.png" );`
`23`	`23`	`}`
`24`	`24`
`25`		`- event?.setContentSecurityPolicy( "default-src 'self'; style-src 'self' 'unsafe-inline' 'nonce-#event?.getRequestNonce()#'" );`
	`25`	`+ event?.setContentSecurityPolicy( "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; worker-src blob:;" );`
`26`	`26`
`27`	`27`	`restResponse.setData( Trim( renderView( view="/swaggerLayout", args=args ) ) );`
`28`	`28`	`restResponse.setMimeType( "text/html" );`