# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1619363362 -7200
# Node ID 0befc680970b7b86736bd21f3b326f0e791a4031
# Parent  cce0e1ec8a74ea049859b8fef90c71b9d5f0b141
mod_rest/apidemo: Disable validator

How nice of them to leak the URL of every schema to them by default.

diff -r cce0e1ec8a74 -r 0befc680970b mod_rest/apidemo.lib.lua
--- a/mod_rest/apidemo.lib.lua	Sun Apr 25 16:53:08 2021 +0200
+++ b/mod_rest/apidemo.lib.lua	Sun Apr 25 17:09:22 2021 +0200
@@ -17,6 +17,7 @@
 
 	-- SUCH HACK, VERY GSUB, WOW!
 	index = index:gsub("(%s?url%s*:%s*)%b\"\"", string.format("%%1%q", module:http_url().."/demo/openapi.yaml"), 1);
+	index = index:gsub("(%s*SwaggerUIBundle%s*%(%s*{)(%s*)", "%1%2validatorUrl: false,%2");
 end
 
 do
@@ -40,6 +41,7 @@
 _M.main_page = {
 	headers = {
 		content_type = "text/html";
+		content_security_policy = "default-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'";
 	};
 	body = index;
 }