Skip to content

fix(api): use proper CSP hash for inline script in Swagger doc renderer#977

Merged
wolveix merged 1 commit intodanielgtaylor:mainfrom
leonklingele:fix/swagger-csp-inline-script-hash
Feb 19, 2026
Merged

fix(api): use proper CSP hash for inline script in Swagger doc renderer#977
wolveix merged 1 commit intodanielgtaylor:mainfrom
leonklingele:fix/swagger-csp-inline-script-hash

Conversation

@leonklingele
Copy link
Contributor

@leonklingele leonklingele commented Feb 19, 2026

A last-minute, seemingly inconspicuous, addition1 was made to #916 which resulted in changing the CSP hash for the inline script, effectively breaking Swagger Web UI spec rendering. This change updates to the correct hash.

Footnotes

  1. https://github.com/danielgtaylor/huma/compare/26af2c17e8cc3fca088c4a878611627c0389711a..b6a65071f8f3206a654dd37dabf2766ffab3e883

@leonklingele
fix(api): use proper CSP hash for inline script in Swagger doc renderer
f96605d 
A last-minute, seemingly inconspicuous, addition[^0] was made to
danielgtaylor#916 which resulted in changing the
CSP hash for the inline script, effectively breaking Swagger Web UI spec
rendering. This change updates to the correct hash.

[^0]: https://github.com/danielgtaylor/huma/compare/26af2c17e8cc3fca088c4a878611627c0389711a..b6a65071f8f3206a654dd37dabf2766ffab3e883
Copilot AI review requested due to automatic review settings February 19, 2026 07:25
@codecov
Copy link

codecov bot commented Feb 19, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.11%. Comparing base (58edcf2) to head (f96605d).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #977   +/-   ##
=======================================
  Coverage   93.11%   93.11%           
=======================================
  Files          23       23           
  Lines        4766     4766           
=======================================
  Hits         4438     4438           
  Misses        269      269           
  Partials       59       59

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI reviewed Feb 19, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a critical bug in the Swagger UI documentation renderer where an incorrect CSP (Content Security Policy) hash was preventing the inline script from executing, effectively breaking the Swagger Web UI spec rendering. The issue was introduced by a last-minute change in PR #916 that updated the CSP hash to an incorrect value.

Changes:

  • Updated the CSP sha256 hash for the inline script in the Swagger UI documentation renderer from an incorrect value to the correct one

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@wolveix wolveix merged commit 07ca6c5 into danielgtaylor:main Feb 19, 2026
9 of 10 checks passed
@leonklingele
Copy link
Contributor Author

leonklingele commented Feb 19, 2026

This unfortunately warrants a new (hotfix) release, @wolveix :(

@wolveix
Copy link
Collaborator

wolveix commented Feb 19, 2026

@leonklingele yep, noted. Trying to get something else squeezed in before releasing!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@leonklingele @wolveix